mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-28 08:17:10 -05:00
3282995bda
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
159 lines
5.5 KiB
Go
159 lines
5.5 KiB
Go
package azure
|
|
|
|
import (
|
|
"encoding/json"
|
|
|
|
"github.com/edgelesssys/constellation/coordinator/cloudprovider"
|
|
"github.com/edgelesssys/constellation/coordinator/core"
|
|
"github.com/edgelesssys/constellation/coordinator/kubernetes/k8sapi/resources"
|
|
k8s "k8s.io/api/core/v1"
|
|
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
)
|
|
|
|
// CloudControllerManager holds the Azure cloud-controller-manager configuration.
|
|
type CloudControllerManager struct{}
|
|
|
|
// Image returns the container image used to provide cloud-controller-manager for the cloud-provider.
|
|
func (c *CloudControllerManager) Image() string {
|
|
return cloudprovider.CloudControllerManagerImageAzure
|
|
}
|
|
|
|
// Path returns the path used by cloud-controller-manager executable within the container image.
|
|
func (c *CloudControllerManager) Path() string {
|
|
return "cloud-controller-manager"
|
|
}
|
|
|
|
// Name returns the cloud-provider name as used by k8s cloud-controller-manager (k8s.gcr.io/cloud-controller-manager).
|
|
func (c *CloudControllerManager) Name() string {
|
|
return "azure"
|
|
}
|
|
|
|
// ExtraArgs returns a list of arguments to append to the cloud-controller-manager command.
|
|
func (c *CloudControllerManager) ExtraArgs() []string {
|
|
return []string{
|
|
"--controllers=*,-cloud-node",
|
|
"--cloud-config=/etc/azure/azure.json",
|
|
}
|
|
}
|
|
|
|
// ConfigMaps returns a list of ConfigMaps to deploy together with the k8s cloud-controller-manager
|
|
// Reference: https://kubernetes.io/docs/concepts/configuration/configmap/ .
|
|
func (c *CloudControllerManager) ConfigMaps(instance core.Instance) (resources.ConfigMaps, error) {
|
|
return resources.ConfigMaps{}, nil
|
|
}
|
|
|
|
// Secrets returns a list of secrets to deploy together with the k8s cloud-controller-manager.
|
|
// Reference: https://kubernetes.io/docs/concepts/configuration/secret/ .
|
|
func (c *CloudControllerManager) Secrets(instance core.Instance, cloudServiceAccountURI string) (resources.Secrets, error) {
|
|
// Azure CCM expects cloud provider config to contain cluster configuration and service principal client secrets
|
|
// reference: https://kubernetes-sigs.github.io/cloud-provider-azure/install/configs/
|
|
|
|
subscriptionID, resourceGroup, err := extractBasicsFromProviderID(instance.ProviderID)
|
|
if err != nil {
|
|
return resources.Secrets{}, err
|
|
}
|
|
creds, err := getApplicationCredentials(cloudServiceAccountURI)
|
|
if err != nil {
|
|
return resources.Secrets{}, err
|
|
}
|
|
|
|
vmType := "standard"
|
|
if _, _, _, _, err := splitScaleSetProviderID(instance.ProviderID); err == nil {
|
|
vmType = "vmss"
|
|
}
|
|
|
|
config := cloudConfig{
|
|
Cloud: "AzurePublicCloud",
|
|
TenantID: creds.TenantID,
|
|
SubscriptionID: subscriptionID,
|
|
ResourceGroup: resourceGroup,
|
|
UseInstanceMetadata: true,
|
|
VmType: vmType,
|
|
Location: creds.Location,
|
|
AADClientID: creds.ClientID,
|
|
AADClientSecret: creds.ClientSecret,
|
|
}
|
|
|
|
rawConfig, err := json.Marshal(config)
|
|
if err != nil {
|
|
return resources.Secrets{}, err
|
|
}
|
|
|
|
return resources.Secrets{
|
|
&k8s.Secret{
|
|
TypeMeta: meta.TypeMeta{
|
|
Kind: "Secret",
|
|
APIVersion: "v1",
|
|
},
|
|
ObjectMeta: meta.ObjectMeta{
|
|
Name: "azureconfig",
|
|
Namespace: "kube-system",
|
|
},
|
|
Data: map[string][]byte{
|
|
"azure.json": rawConfig,
|
|
},
|
|
},
|
|
}, nil
|
|
}
|
|
|
|
// Volumes returns a list of volumes to deploy together with the k8s cloud-controller-manager.
|
|
// Reference: https://kubernetes.io/docs/concepts/storage/volumes/ .
|
|
func (c *CloudControllerManager) Volumes() []k8s.Volume {
|
|
return []k8s.Volume{
|
|
{
|
|
Name: "azureconfig",
|
|
VolumeSource: k8s.VolumeSource{
|
|
Secret: &k8s.SecretVolumeSource{
|
|
SecretName: "azureconfig",
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
// VolumeMounts a list of of volume mounts to deploy together with the k8s cloud-controller-manager.
|
|
func (c *CloudControllerManager) VolumeMounts() []k8s.VolumeMount {
|
|
return []k8s.VolumeMount{
|
|
{
|
|
Name: "azureconfig",
|
|
ReadOnly: true,
|
|
MountPath: "/etc/azure",
|
|
},
|
|
}
|
|
}
|
|
|
|
// Env returns a list of k8s environment key-value pairs to deploy together with the k8s cloud-controller-manager.
|
|
func (c *CloudControllerManager) Env() []k8s.EnvVar {
|
|
return []k8s.EnvVar{}
|
|
}
|
|
|
|
// PrepareInstance is called on every instance before deploying the cloud-controller-manager.
|
|
// Allows for cloud-provider specific hooks.
|
|
func (c *CloudControllerManager) PrepareInstance(instance core.Instance, vpnIP string) error {
|
|
// no specific hook required.
|
|
return nil
|
|
}
|
|
|
|
// Supported is used to determine if cloud controller manager is implemented for this cloud provider.
|
|
func (c *CloudControllerManager) Supported() bool {
|
|
return true
|
|
}
|
|
|
|
type cloudConfig struct {
|
|
Cloud string `json:"cloud,omitempty"`
|
|
TenantID string `json:"tenantId,omitempty"`
|
|
SubscriptionID string `json:"subscriptionId,omitempty"`
|
|
ResourceGroup string `json:"resourceGroup,omitempty"`
|
|
Location string `json:"location,omitempty"`
|
|
SubnetName string `json:"subnetName,omitempty"`
|
|
SecurityGroupName string `json:"securityGroupName,omitempty"`
|
|
SecurityGroupResourceGroup string `json:"securityGroupResourceGroup,omitempty"`
|
|
VNetName string `json:"vnetName,omitempty"`
|
|
VNetResourceGroup string `json:"vnetResourceGroup,omitempty"`
|
|
CloudProviderBackoff bool `json:"cloudProviderBackoff,omitempty"`
|
|
UseInstanceMetadata bool `json:"useInstanceMetadata,omitempty"`
|
|
VmType string `json:"vmType,omitempty"`
|
|
AADClientID string `json:"aadClientId,omitempty"`
|
|
AADClientSecret string `json:"aadClientSecret,omitempty"`
|
|
}
|