mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-22 05:11:23 -05:00
005e865a13
* [wip] use state file in CLI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use state file in CLI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> take clusterConfig from IDFile for compat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> various fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> wip Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add GCP-specific values in Helm loader test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary pointer Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * write ClusterValues in one step Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * move stub to test file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove mention of id-file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * move output to `migrateTerraform` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * unconditional assignments converting from idFile Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * move require block in go modules file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fall back to id file on upgrade Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add notice to remove Terraform state check on manual migration Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add `name` field Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> fix name tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * return early if no Terraform diff Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * return infrastructure state even if no diff exists Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add TODO to remove comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use state-file in miniconstellation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: remove id-file (#2402) * remove id-file from `constellation create` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add file renaming to handler * rename id-file after upgrade * use idFile on `constellation init` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `constellation verify` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `constellation mini` * remove id-file from `constellation recover` * linter fixes * remove id-file from `constellation terminate` * fix initSecret type * fix recover argument precedence * fix terminate test * generate * add TODO to remove id-file removal * Update cli/internal/cmd/init.go Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com> * fix verify arg parse logic Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add version test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from docs * add file not found log * use state-file in miniconstellation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `constellation iam destroy` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `cdbg deploy` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com> * use state-file in CI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update orchestration docs --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
164 lines
5.4 KiB
Go
164 lines
5.4 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
/*
|
|
Package helm provides a higher level interface to the Helm Go SDK.
|
|
|
|
It is used by the CLI to:
|
|
|
|
- load embedded charts
|
|
- install charts
|
|
- update helm releases
|
|
- get versions for installed helm releases
|
|
- create local backups before running service upgrades
|
|
|
|
The charts themselves are embedded in the CLI binary, and values are dynamically updated depending on configuration.
|
|
The charts can be found in “./charts/“.
|
|
Values should be added in the chart's "values.yaml“ file if they are static i.e. don't depend on user input,
|
|
otherwise they need to be dynamically created depending on a user's configuration.
|
|
|
|
Helm logic should not be implemented outside this package.
|
|
All values loading, parsing, installing, uninstalling, and updating of charts should be implemented here.
|
|
As such, the helm package requires to implement some CSP specific logic.
|
|
However, exported functions should be CSP agnostic and take a cloudprovider.Provider as argument.
|
|
As such, the number of exported functions should be kept minimal.
|
|
*/
|
|
package helm
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
"github.com/edgelesssys/constellation/v2/cli/internal/state"
|
|
"github.com/edgelesssys/constellation/v2/internal/config"
|
|
"github.com/edgelesssys/constellation/v2/internal/constants"
|
|
"github.com/edgelesssys/constellation/v2/internal/file"
|
|
"github.com/edgelesssys/constellation/v2/internal/kms/uri"
|
|
"github.com/edgelesssys/constellation/v2/internal/kubernetes/kubectl"
|
|
"github.com/edgelesssys/constellation/v2/internal/semver"
|
|
)
|
|
|
|
const (
|
|
// AllowDestructive is a named bool to signal that destructive actions have been confirmed by the user.
|
|
AllowDestructive = true
|
|
// DenyDestructive is a named bool to signal that destructive actions have not been confirmed by the user yet.
|
|
DenyDestructive = false
|
|
)
|
|
|
|
type debugLog interface {
|
|
Debugf(format string, args ...any)
|
|
}
|
|
|
|
// Client is a Helm client to apply charts.
|
|
type Client struct {
|
|
factory *actionFactory
|
|
cliVersion semver.Semver
|
|
log debugLog
|
|
}
|
|
|
|
// NewClient returns a new Helm client.
|
|
func NewClient(kubeConfigPath string, log debugLog) (*Client, error) {
|
|
kubeClient, err := kubectl.NewFromConfig(kubeConfigPath)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("initializing kubectl: %w", err)
|
|
}
|
|
actionConfig, err := newActionConfig(kubeConfigPath, log)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("creating action config: %w", err)
|
|
}
|
|
lister := ReleaseVersionClient{actionConfig}
|
|
cliVersion := constants.BinaryVersion()
|
|
factory := newActionFactory(kubeClient, lister, actionConfig, log)
|
|
return &Client{factory, cliVersion, log}, nil
|
|
}
|
|
|
|
// Options are options for loading charts.
|
|
type Options struct {
|
|
Conformance bool
|
|
HelmWaitMode WaitMode
|
|
AllowDestructive bool
|
|
Force bool
|
|
}
|
|
|
|
// PrepareApply loads the charts and returns the executor to apply them.
|
|
// TODO(elchead): remove validK8sVersion by putting ValidK8sVersion into config.Config, see AB#3374.
|
|
func (h Client) PrepareApply(
|
|
conf *config.Config, stateFile *state.State,
|
|
flags Options, serviceAccURI string, masterSecret uri.MasterSecret,
|
|
) (Applier, bool, error) {
|
|
releases, err := h.loadReleases(conf, masterSecret, stateFile, flags, serviceAccURI)
|
|
if err != nil {
|
|
return nil, false, fmt.Errorf("loading Helm releases: %w", err)
|
|
}
|
|
h.log.Debugf("Loaded Helm releases")
|
|
actions, includesUpgrades, err := h.factory.GetActions(releases, conf.MicroserviceVersion, flags.Force, flags.AllowDestructive)
|
|
return &ChartApplyExecutor{actions: actions, log: h.log}, includesUpgrades, err
|
|
}
|
|
|
|
func (h Client) loadReleases(
|
|
conf *config.Config, secret uri.MasterSecret,
|
|
stateFile *state.State, flags Options, serviceAccURI string,
|
|
) ([]Release, error) {
|
|
helmLoader := newLoader(conf, stateFile, h.cliVersion)
|
|
h.log.Debugf("Created new Helm loader")
|
|
return helmLoader.loadReleases(flags.Conformance, flags.HelmWaitMode, secret, serviceAccURI)
|
|
}
|
|
|
|
// Applier runs the Helm actions.
|
|
type Applier interface {
|
|
Apply(ctx context.Context) error
|
|
SaveCharts(chartsDir string, fileHandler file.Handler) error
|
|
}
|
|
|
|
// ChartApplyExecutor is a Helm action executor that applies all actions.
|
|
type ChartApplyExecutor struct {
|
|
actions []applyAction
|
|
log debugLog
|
|
}
|
|
|
|
// Apply applies the charts in order.
|
|
func (c ChartApplyExecutor) Apply(ctx context.Context) error {
|
|
for _, action := range c.actions {
|
|
c.log.Debugf("Applying %q", action.ReleaseName())
|
|
if err := action.Apply(ctx); err != nil {
|
|
return fmt.Errorf("applying %s: %w", action.ReleaseName(), err)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SaveCharts saves all Helm charts and their values to the given directory.
|
|
func (c ChartApplyExecutor) SaveCharts(chartsDir string, fileHandler file.Handler) error {
|
|
for _, action := range c.actions {
|
|
if err := action.SaveChart(chartsDir, fileHandler); err != nil {
|
|
return fmt.Errorf("saving chart %s: %w", action.ReleaseName(), err)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// mergeMaps returns a new map that is the merger of it's inputs.
|
|
// Key collisions are resolved by taking the value of the second argument (map b).
|
|
// Taken from: https://github.com/helm/helm/blob/dbc6d8e20fe1d58d50e6ed30f09a04a77e4c68db/pkg/cli/values/options.go#L91-L108.
|
|
func mergeMaps(a, b map[string]any) map[string]any {
|
|
out := make(map[string]any, len(a))
|
|
for k, v := range a {
|
|
out[k] = v
|
|
}
|
|
for k, v := range b {
|
|
if v, ok := v.(map[string]any); ok {
|
|
if bv, ok := out[k]; ok {
|
|
if bv, ok := bv.(map[string]any); ok {
|
|
out[k] = mergeMaps(bv, v)
|
|
continue
|
|
}
|
|
}
|
|
}
|
|
out[k] = v
|
|
}
|
|
return out
|
|
}
|