helm

package
v2.10.0

This package is not in the latest version of its module.

Published: Aug 14, 2023 License: AGPL-3.0 Imports: 43 Imported by: 0

README

Helm

Constellation uses helm to install and upgrade deployments to the Kubernetes cluster. Helm wraps deployments into charts. One chart should contain all the configuration needed to run a deployment.

Charts used by Constellation

To make installation and lifecycle management easier, Constellation groups multiple related charts into sub-charts. The following "parent" charts are used by Constellation:

  • cert-manager

  • Cilium

  • constellation-services

    Cluster services (mostly) written by us, providing basic functionality of the cluster

  • csi

    Our modified Kubernetes CSI drivers and Snapshot controller/CRDs

  • operators

    Kubernetes operators we use to control and manage the lifecycle of a Constellation cluster

Chart upgrades

All services that are installed via helm-install are upgraded via helm-upgrade. Two aspects are not fully covered by running helm-upgrade: CRDs and values. While helm-install can install CRDs if they are contained in a chart's crds folder, helm-upgrade won't change any installed CRDs. Furthermore, new values introduced with a new version of a chart will not be installed into the cluster if the --reuse-values flag is set. Nevertheless, we have to rely on the values already present in the cluster because some of the values are set by the bootstrapper during installation. Because upgrades should be a CLI-only operation and we want to avoid the behaviour of --reuse-values, we fetch the cluster values and merge them with any new values.
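The fetch-and-merge step described above, sketched as an added example (not Constellation's own code): a deep merge that keeps cluster-only keys, adds chart-only keys, and reports every path whose value changes so the upgrade can be reviewed. The key names and sample values are constructed, and letting the incoming value win on a conflict is an assumption of this example.

```go
package main

import (
	"fmt"
	"reflect"
	"sort"
)

// MergeValues deep-merges values fetched from the cluster with the values of
// the new chart version. Cluster-only keys (e.g. set by the bootstrapper) are
// kept, chart-only keys are added. Assumption of this example: on a conflict
// the incoming value wins and its dotted path is reported for review.
func MergeValues(cluster, incoming map[string]any) (map[string]any, []string) {
	var changed []string
	merged := mergeAt("", cluster, incoming, &changed)
	sort.Strings(changed) // map iteration order is random; sort for stable output
	return merged, changed
}

func mergeAt(prefix string, cluster, incoming map[string]any, changed *[]string) map[string]any {
	out := make(map[string]any, len(cluster)+len(incoming))
	for k, v := range cluster {
		out[k] = v
	}
	for k, newVal := range incoming {
		path := prefix + k
		oldVal, exists := out[k]
		oldMap, oldIsMap := oldVal.(map[string]any)
		newMap, newIsMap := newVal.(map[string]any)
		if exists && oldIsMap && newIsMap {
			// Both sides are maps: recurse instead of replacing the subtree.
			out[k] = mergeAt(path+".", oldMap, newMap, changed)
			continue
		}
		if exists && !reflect.DeepEqual(oldVal, newVal) {
			*changed = append(*changed, path)
		}
		out[k] = newVal
	}
	return out
}

func main() {
	// Constructed sample values; the key names are hypothetical.
	cluster := map[string]any{"image": "svc:v1", "join": map[string]any{"salt": "c2FsdA=="}}
	incoming := map[string]any{"image": "svc:v2", "join": map[string]any{"port": 9090}}
	merged, changed := MergeValues(cluster, incoming)
	fmt.Println(merged, changed)
}
```

Unlike --reuse-values, the new `join.port` key reaches the merged result while the cluster-only `join.salt` survives; only `image` is listed as changed.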

Here is how we manage CRD upgrades for each chart.

Cilium
  • CRDs are updated by cilium-operator.
cert-manager
  • installCRDs flag is set during upgrade. This flag is managed by cert-manager. cert-manager is in charge of correctly upgrading the CRDs.
  • WARNING: upgrading cert-manager might break other installations of cert-manager in the cluster if those other installations are not on the same version as the Constellation-managed installation. This is due to the cluster-wide CRDs.
Operators
  • Manually update CRDs before upgrading the chart. Update by applying the CRDs found in the operators/crds/ folder.
Constellation-services
  • There currently are no CRDs in this chart.
CSI
  • CRDs are required for enabling snapshot support
  • CRDs are provided as their own helm chart and may be updated using helm

Documentation

Overview

Package helm provides a higher level interface to the Helm Go SDK.

It is used by the CLI to:

  • load embedded charts
  • install charts
  • update helm releases
  • get versions for installed helm releases
  • create local backups before running service upgrades

The charts themselves are embedded in the CLI binary, and values are dynamically updated depending on configuration. The charts can be found in "./charts/". Values should be added in the chart's "values.yaml" file if they are static, i.e. don't depend on user input; otherwise they need to be dynamically created depending on a user's configuration.

Helm logic should not be implemented outside this package. All values loading, parsing, installing, uninstalling, and updating of charts should be implemented here. As such, the helm package needs to implement some CSP-specific logic. However, exported functions should be CSP-agnostic and take a cloudprovider.Provider as argument. As such, the number of exported functions should be kept minimal.

SPDX-License-Identifier: AGPL-3.0-only

Overrides contains helm values that are dynamically injected into the helm charts.

Package helm provides types and functions shared across services.


Constants

const (
	// AllowDestructive is a named bool to signal that destructive actions have been confirmed by the user.
	AllowDestructive = true
	// DenyDestructive is a named bool to signal that destructive actions have not been confirmed by the user yet.
	DenyDestructive = false
)

Variables

var ErrConfirmationMissing = errors.New("action requires user confirmation")

ErrConfirmationMissing signals that an action requires user confirmation.

Functions

This section is empty.

Types

type ChartLoader

type ChartLoader struct {
	// contains filtered or unexported fields
}

ChartLoader loads embedded helm charts.

func NewLoader added in v2.3.0

func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion, clusterName string) *ChartLoader

NewLoader creates a new ChartLoader.

func (*ChartLoader) LoadReleases added in v2.10.0

func (i *ChartLoader) LoadReleases(
	config *config.Config, conformanceMode bool, helmWaitMode WaitMode, masterSecret uri.MasterSecret,
	serviceAccURI string, idFile clusterid.File, output terraform.ApplyOutput,
) (*Releases, error)

LoadReleases loads the embedded helm charts and returns them as a Releases object.

type InitializationClient added in v2.10.0

type InitializationClient struct {
	// contains filtered or unexported fields
}

InitializationClient installs all Helm charts required for a Constellation cluster.

func NewInitializer added in v2.10.0

func NewInitializer(log debugLog, adminConfPath string) (*InitializationClient, error)

NewInitializer creates a new client to install all Helm charts required for a Constellation cluster.

func (InitializationClient) Install added in v2.10.0

func (i InitializationClient) Install(ctx context.Context, releases *Releases) error

Install installs all Helm charts required for a Constellation cluster.

type Installer added in v2.10.0

type Installer struct {
	*action.Install
	// contains filtered or unexported fields
}

Installer is a wrapper for a helm install action.

func NewInstaller added in v2.10.0

func NewInstaller(kubeconfig string, logger debugLog) (*Installer, error)

NewInstaller creates a new Installer with the given logger.

func (*Installer) InstallChart added in v2.10.0

func (h *Installer) InstallChart(ctx context.Context, release Release) error

InstallChart is the generic install function for helm charts.

func (*Installer) InstallChartWithValues added in v2.10.0

func (h *Installer) InstallChartWithValues(ctx context.Context, release Release, extraValues map[string]any) error

InstallChartWithValues is the generic install function for helm charts with custom values.

func (*Installer) SetWaitMode added in v2.10.0

func (h *Installer) SetWaitMode(waitMode WaitMode) error

SetWaitMode sets the wait mode of the installer.

type Release added in v2.10.0

type Release struct {
	Chart       *chart.Chart
	Values      map[string]any
	ReleaseName string
	WaitMode    WaitMode
}

Release bundles all information necessary to create a helm release.

type Releases added in v2.10.0

type Releases struct {
	AWSLoadBalancerController *Release
	CSI                       *Release
	Cilium                    Release
	CertManager               Release
	ConstellationOperators    Release
	ConstellationServices     Release
}

Releases bundles all helm releases to be deployed to Constellation.

type ServiceVersions added in v2.7.0

type ServiceVersions struct {
	// contains filtered or unexported fields
}

ServiceVersions bundles the versions of all services that are part of Constellation.

func (ServiceVersions) ConstellationServices added in v2.7.0

func (s ServiceVersions) ConstellationServices() semver.Semver

ConstellationServices returns the version of the constellation-services release.

func (ServiceVersions) String added in v2.10.0

func (s ServiceVersions) String() string

String returns a string representation of the ServiceVersions struct.

type UpgradeClient added in v2.10.0

type UpgradeClient struct {
	// contains filtered or unexported fields
}

UpgradeClient handles interaction with helm and the cluster.

func NewUpgradeClient added in v2.10.0

func NewUpgradeClient(client crdClient, upgradeWorkspace, kubeConfigPath, helmNamespace string, log debugLog) (*UpgradeClient, error)

NewUpgradeClient returns a newly initialized UpgradeClient for the given namespace.

func (*UpgradeClient) GetValues added in v2.10.0

func (c *UpgradeClient) GetValues(release string) (map[string]any, error)

GetValues queries the cluster for the values of the given release.

func (*UpgradeClient) Upgrade added in v2.10.0

func (c *UpgradeClient) Upgrade(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration,
	allowDestructive, force bool, upgradeID string, conformance bool, helmWaitMode WaitMode, masterSecret uri.MasterSecret,
	serviceAccURI string, validK8sVersion versions.ValidK8sVersion, output terraform.ApplyOutput,
) error

Upgrade runs a helm-upgrade on all deployments that are managed via Helm. If the CLI receives an interrupt signal it will cancel the context. Canceling the context will prompt helm to abort and roll back the ongoing upgrade.

func (*UpgradeClient) Versions added in v2.10.0

func (c *UpgradeClient) Versions() (ServiceVersions, error)

Versions queries the cluster for running versions and returns a map of releaseName -> version.

type WaitMode added in v2.10.0

type WaitMode string

WaitMode specifies the wait mode for a helm release.

const (
	// WaitModeNone specifies that the helm release should not wait for the resources to be ready.
	WaitModeNone WaitMode = ""
	// WaitModeWait specifies that the helm release should wait for the resources to be ready.
	WaitModeWait WaitMode = "wait"
	// WaitModeAtomic specifies that the helm release should
	// wait for the resources to be ready and roll back atomically on failure.
	WaitModeAtomic WaitMode = "atomic"
)

Directories

Path Synopsis
Package imageversion contains the pinned container images for the helm charts.
