From 0167a4a286bedefbe3c9b5a1ee604e7145dc3e0a Mon Sep 17 00:00:00 2001 
From: 3u13r Date: Wed, 3 Jan 2024 14:09:32 +0100 Subject: [PATCH] helm: remove konnectivity agents (#2790) --- e2e/miniconstellation/test-remote.sh | 1 - internal/constellation/helm/BUILD.bazel | 7 -- .../constellation-services/Chart.yaml | 8 -- .../charts/konnectivity/.helmignore | 23 ------ .../charts/konnectivity/Chart.yaml | 5 -- .../templates/clusterrolebinding.yaml | 15 ---- .../konnectivity/templates/daemonset.yaml | 76 ------------------- .../templates/serviceaccount.yaml | 8 -- .../charts/konnectivity/values.schema.json | 21 ----- .../charts/konnectivity/values.yaml | 1 - .../helm/imageversion/BUILD.bazel | 2 - internal/constellation/helm/loader.go | 5 -- internal/constellation/helm/loader_test.go | 7 -- internal/constellation/helm/overrides.go | 3 - .../templates/clusterrolebinding.yaml | 15 ---- .../konnectivity/templates/daemonset.yaml | 76 ------------------- .../templates/serviceaccount.yaml | 8 -- .../templates/clusterrolebinding.yaml | 15 ---- .../konnectivity/templates/daemonset.yaml | 76 ------------------- .../templates/serviceaccount.yaml | 8 -- .../templates/clusterrolebinding.yaml | 15 ---- .../konnectivity/templates/daemonset.yaml | 76 ------------------- .../templates/serviceaccount.yaml | 8 -- .../templates/clusterrolebinding.yaml | 15 ---- .../konnectivity/templates/daemonset.yaml | 76 ------------------- .../templates/serviceaccount.yaml | 8 -- .../templates/clusterrolebinding.yaml | 15 ---- .../konnectivity/templates/daemonset.yaml | 76 ------------------- .../templates/serviceaccount.yaml | 8 -- internal/versions/versions.go | 4 - 30 files changed, 681 deletions(-) delete mode 100644 internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/.helmignore delete mode 100644 internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml delete mode 100644 internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml 
delete mode 100644 internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml delete mode 100644 internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml delete mode 100644 internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.schema.json delete mode 100644 internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.yaml delete mode 100644 internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml delete mode 100644 internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/daemonset.yaml delete mode 100644 internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/serviceaccount.yaml delete mode 100644 internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml delete mode 100644 internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/daemonset.yaml delete mode 100644 internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/serviceaccount.yaml delete mode 100644 internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml delete mode 100644 internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/daemonset.yaml delete mode 100644 internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/serviceaccount.yaml delete mode 100644 internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml delete mode 100644 internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/daemonset.yaml delete mode 
100644 internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/serviceaccount.yaml delete mode 100644 internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml delete mode 100644 internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/daemonset.yaml delete mode 100644 internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/serviceaccount.yaml diff --git a/e2e/miniconstellation/test-remote.sh b/e2e/miniconstellation/test-remote.sh index 3cef1fd961..10a95d8c4c 100755 --- a/e2e/miniconstellation/test-remote.sh +++ b/e2e/miniconstellation/test-remote.sh @@ -80,7 +80,6 @@ kubectl -n kube-system wait --for=condition=Available=True --timeout=180s deploy kubectl -n kube-system rollout status --timeout 180s daemonset cilium kubectl -n kube-system rollout status --timeout 180s daemonset join-service kubectl -n kube-system rollout status --timeout 180s daemonset key-service -kubectl -n kube-system rollout status --timeout 180s daemonset konnectivity-agent kubectl -n kube-system rollout status --timeout 180s daemonset verification-service echo "Miniconstellation started successfully. Shutting down..." diff --git a/internal/constellation/helm/BUILD.bazel b/internal/constellation/helm/BUILD.bazel index 559d893581..4669d104c6 100644 --- a/internal/constellation/helm/BUILD.bazel +++ b/internal/constellation/helm/BUILD.bazel 
@@ -241,13 +241,6 @@ go_library( "charts/edgeless/constellation-services/charts/key-service/templates/serviceaccount.yaml", "charts/edgeless/constellation-services/charts/key-service/values.schema.json", "charts/edgeless/constellation-services/charts/key-service/values.yaml", - "charts/edgeless/constellation-services/charts/konnectivity/.helmignore", - "charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml", - "charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml", - "charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml", - "charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml", - "charts/edgeless/constellation-services/charts/konnectivity/values.schema.json", - "charts/edgeless/constellation-services/charts/konnectivity/values.yaml", "charts/edgeless/constellation-services/charts/verification-service/.helmignore", "charts/edgeless/constellation-services/charts/verification-service/Chart.yaml", "charts/edgeless/constellation-services/charts/verification-service/templates/daemonset.yaml", diff --git a/internal/constellation/helm/charts/edgeless/constellation-services/Chart.yaml b/internal/constellation/helm/charts/edgeless/constellation-services/Chart.yaml index 87a6d0c4e2..4cabb55284 100644 --- a/internal/constellation/helm/charts/edgeless/constellation-services/Chart.yaml +++ b/internal/constellation/helm/charts/edgeless/constellation-services/Chart.yaml @@ -45,14 +45,6 @@ dependencies: - GCP - OpenStack - QEMU - - name: konnectivity - version: 0.0.0 - tags: - - AWS - - Azure - - GCP - - OpenStack - - QEMU - name: gcp-guest-agent version: 0.0.0 tags: diff --git a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/.helmignore b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/.helmignore deleted file mode 100644 index 0e8a0eb36f..0000000000 
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml
deleted file mode 100644
index 010e5d0712..0000000000
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v2
-name: konnectivity
-description: A chart to deploy konnectivity for Constellation
-type: application
-version: 0.0.0
diff --git a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
deleted file mode 100644
index f189cb6a3f..0000000000
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: system:konnectivity-server
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- apiGroup: rbac.authorization.k8s.io
- kind: User
- name: system:konnectivity-server
diff --git a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml
deleted file mode 100644
index d195e80365..0000000000
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- k8s-app: konnectivity-agent
- name: konnectivity-agent
- namespace: {{ .Release.Namespace }}
-spec:
- selector:
- matchLabels:
- k8s-app: konnectivity-agent
- template:
- metadata:
- labels:
- k8s-app: konnectivity-agent
- spec:
- containers:
- - args:
- - --logtostderr=true
- - --proxy-server-host={{ .Values.loadBalancerIP }}
- - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- - --proxy-server-port=8132
- - --admin-server-port=8133
- - --health-server-port={{ .Values.healthServerPort }}
- - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- - --agent-identifiers=host=$(HOST_IP)
- - --sync-forever=true
- - --keepalive-time=60m
- - --sync-interval=5s
- - --sync-interval-cap=30s
- - --probe-interval=5s
- - --v=3
- command:
- - /proxy-agent
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.hostIP
- image: {{ .Values.image | quote }}
- livenessProbe:
- httpGet:
- path: /healthz
- port: {{ .Values.healthServerPort }}
- initialDelaySeconds: 15
- timeoutSeconds: 15
- name: konnectivity-agent
- resources: {}
- volumeMounts:
- - mountPath: /var/run/secrets/tokens
- name: konnectivity-agent-token
- readOnly: true
- priorityClassName: system-cluster-critical
- serviceAccountName: konnectivity-agent
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- operator: Exists
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- operator: Exists
- - key: CriticalAddonsOnly
- operator: Exists
- - effect: NoExecute
- key: node.kubernetes.io/not-ready
- operator: Exists
- volumes:
- - name: konnectivity-agent-token
- projected:
- sources:
- - serviceAccountToken:
- audience: system:konnectivity-server
- path: konnectivity-agent-token
- updateStrategy: {}
diff --git a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
deleted file mode 100644
index d48b234303..0000000000
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: konnectivity-agent
- namespace: {{ .Release.Namespace }}
diff --git a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.schema.json b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.schema.json
deleted file mode 100644
index 50f9c0de30..0000000000
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.schema.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft-07/schema#",
- "properties": {
- "image": {
- "description": "Container image to use for the spawned pods.",
- "type": "string",
- "examples": ["us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.33@sha256:48f2a4ec3e10553a81b8dd1c6fa5fe4bcc9617f78e71c1ca89c6921335e2d7da"]
- },
- "loadBalancerIP": {
- "description": "IP of the loadbalancer serving the control plane.",
- "type": "string",
- "examples": ["10.4.0.1"]
- }
- },
- "required": [
- "image",
- "loadBalancerIP"
- ],
- "title": "Values",
- "type": "object"
-}
diff --git a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.yaml b/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.yaml
deleted file mode 100644
index 61ffc1a85c..0000000000
--- a/internal/constellation/helm/charts/edgeless/constellation-services/charts/konnectivity/values.yaml +++ /dev/null @@ -1 +0,0 @@ -healthServerPort: 8134 diff --git a/internal/constellation/helm/imageversion/BUILD.bazel b/internal/constellation/helm/imageversion/BUILD.bazel index 604bec4a26..710638a33e 100644 --- a/internal/constellation/helm/imageversion/BUILD.bazel +++ b/internal/constellation/helm/imageversion/BUILD.bazel @@ -33,7 +33,5 @@ go_library( # TODO(malt3): add missing third-party images # - logstash # - filebeat -# - konnectivity-agent -# - konnectivity-server # - node-maintenance-operator # - gcp-guest-agent diff --git a/internal/constellation/helm/loader.go b/internal/constellation/helm/loader.go index ed312cca4a..df365ee7e9 100644 --- a/internal/constellation/helm/loader.go +++ b/internal/constellation/helm/loader.go @@ -68,7 +68,6 @@ type chartLoader struct { autoscalerImage string verificationServiceImage string gcpGuestAgentImage string - konnectivityImage string constellationOperatorImage string nodeMaintenanceOperatorImage string clusterName string @@ -104,7 +103,6 @@ func newLoader(csp cloudprovider.Provider, attestationVariant variant.Variant, k autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage, verificationServiceImage: imageversion.VerificationService("", ""), gcpGuestAgentImage: versions.GcpGuestImage, - konnectivityImage: versions.KonnectivityAgentImage, constellationOperatorImage: imageversion.ConstellationNodeOperator("", ""), nodeMaintenanceOperatorImage: versions.NodeMaintenanceOperatorImage, } @@ -307,9 +305,6 @@ func (i *chartLoader) loadConstellationServicesValues() map[string]any { "gcp-guest-agent": map[string]any{ "image": i.gcpGuestAgentImage, }, - "konnectivity": map[string]any{ - "image": i.konnectivityImage, - }, "tags": i.cspTags(), } } diff --git a/internal/constellation/helm/loader_test.go b/internal/constellation/helm/loader_test.go index 2d069589a8..9eae12a86d 100644 
--- a/internal/constellation/helm/loader_test.go +++ b/internal/constellation/helm/loader_test.go @@ -171,7 +171,6 @@ func TestConstellationServices(t *testing.T) { azureCNMImage: tc.cnmImage, autoscalerImage: "autoscalerImage", verificationServiceImage: "verificationImage", - konnectivityImage: "konnectivityImage", gcpGuestAgentImage: "gcpGuestAgentImage", clusterName: "testCluster", } @@ -384,12 +383,6 @@ func addInClusterValues(values map[string]any, csp cloudprovider.Provider) error } verificationVals["loadBalancerIP"] = "127.0.0.1" - konnectivityVals, ok := values["konnectivity"].(map[string]any) - if !ok { - return errors.New("missing 'konnectivity' key") - } - konnectivityVals["loadBalancerIP"] = "127.0.0.1" - ccmVals, ok := values["ccm"].(map[string]any) if !ok { return errors.New("missing 'ccm' key") diff --git a/internal/constellation/helm/overrides.go b/internal/constellation/helm/overrides.go index 4672685e18..da8698d8fc 100644 --- a/internal/constellation/helm/overrides.go +++ b/internal/constellation/helm/overrides.go @@ -90,9 +90,6 @@ func extraConstellationServicesValues( extraVals["verification-service"] = map[string]any{ "attestationVariant": attestationVariant.String(), } - extraVals["konnectivity"] = map[string]any{ - "loadBalancerIP": output.ClusterEndpoint, - } extraVals["key-service"] = map[string]any{ "masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key), diff --git a/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml b/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml deleted file mode 100644 index f189cb6a3f..0000000000 --- a/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: system:konnectivity-server
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- apiGroup: rbac.authorization.k8s.io
- kind: User
- name: system:konnectivity-server
diff --git a/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/daemonset.yaml b/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/daemonset.yaml
deleted file mode 100644
index 0f26cfbb98..0000000000
--- a/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- k8s-app: konnectivity-agent
- name: konnectivity-agent
- namespace: testNamespace
-spec:
- selector:
- matchLabels:
- k8s-app: konnectivity-agent
- template:
- metadata:
- labels:
- k8s-app: konnectivity-agent
- spec:
- containers:
- - args:
- - --logtostderr=true
- - --proxy-server-host=127.0.0.1
- - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- - --proxy-server-port=8132
- - --admin-server-port=8133
- - --health-server-port=8134
- - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- - --agent-identifiers=host=$(HOST_IP)
- - --sync-forever=true
- - --keepalive-time=60m
- - --sync-interval=5s
- - --sync-interval-cap=30s
- - --probe-interval=5s
- - --v=3
- command:
- - /proxy-agent
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.hostIP
- image: konnectivityImage
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8134
- initialDelaySeconds: 15
- timeoutSeconds: 15
- name: konnectivity-agent
- resources: {}
- volumeMounts:
- - mountPath: /var/run/secrets/tokens
- name: konnectivity-agent-token
- readOnly: true
- priorityClassName: system-cluster-critical
- serviceAccountName: konnectivity-agent
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- operator: Exists
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- operator: Exists
- - key: CriticalAddonsOnly
- operator: Exists
- - effect: NoExecute
- key: node.kubernetes.io/not-ready
- operator: Exists
- volumes:
- - name: konnectivity-agent-token
- projected:
- sources:
- - serviceAccountToken:
- audience: system:konnectivity-server
- path: konnectivity-agent-token
- updateStrategy: {}
diff --git a/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/serviceaccount.yaml b/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
deleted file mode 100644
index ad307c56f3..0000000000
--- a/internal/constellation/helm/testdata/AWS/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: konnectivity-agent
- namespace: testNamespace
diff --git a/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml b/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
deleted file mode 100644
index f189cb6a3f..0000000000
--- a/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: system:konnectivity-server
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- apiGroup: rbac.authorization.k8s.io
- kind: User
- name: system:konnectivity-server
diff --git a/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/daemonset.yaml b/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/daemonset.yaml
deleted file mode 100644
index 0f26cfbb98..0000000000
--- a/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- k8s-app: konnectivity-agent
- name: konnectivity-agent
- namespace: testNamespace
-spec:
- selector:
- matchLabels:
- k8s-app: konnectivity-agent
- template:
- metadata:
- labels:
- k8s-app: konnectivity-agent
- spec:
- containers:
- - args:
- - --logtostderr=true
- - --proxy-server-host=127.0.0.1
- - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- - --proxy-server-port=8132
- - --admin-server-port=8133
- - --health-server-port=8134
- - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- - --agent-identifiers=host=$(HOST_IP)
- - --sync-forever=true
- - --keepalive-time=60m
- - --sync-interval=5s
- - --sync-interval-cap=30s
- - --probe-interval=5s
- - --v=3
- command:
- - /proxy-agent
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.hostIP
- image: konnectivityImage
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8134
- initialDelaySeconds: 15
- timeoutSeconds: 15
- name: konnectivity-agent
- resources: {}
- volumeMounts:
- - mountPath: /var/run/secrets/tokens
- name: konnectivity-agent-token
- readOnly: true
- priorityClassName: system-cluster-critical
- serviceAccountName: konnectivity-agent
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- operator: Exists
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- operator: Exists
- - key: CriticalAddonsOnly
- operator: Exists
- - effect: NoExecute
- key: node.kubernetes.io/not-ready
- operator: Exists
- volumes:
- - name: konnectivity-agent-token
- projected:
- sources:
- - serviceAccountToken:
- audience: system:konnectivity-server
- path: konnectivity-agent-token
- updateStrategy: {}
diff --git a/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/serviceaccount.yaml b/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
deleted file mode 100644
index ad307c56f3..0000000000
--- a/internal/constellation/helm/testdata/Azure/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: konnectivity-agent
- namespace: testNamespace
diff --git a/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml b/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
deleted file mode 100644
index f189cb6a3f..0000000000
--- a/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: system:konnectivity-server
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- apiGroup: rbac.authorization.k8s.io
- kind: User
- name: system:konnectivity-server
diff --git a/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/daemonset.yaml b/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/daemonset.yaml
deleted file mode 100644
index 0f26cfbb98..0000000000
--- a/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- k8s-app: konnectivity-agent
- name: konnectivity-agent
- namespace: testNamespace
-spec:
- selector:
- matchLabels:
- k8s-app: konnectivity-agent
- template:
- metadata:
- labels:
- k8s-app: konnectivity-agent
- spec:
- containers:
- - args:
- - --logtostderr=true
- - --proxy-server-host=127.0.0.1
- - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- - --proxy-server-port=8132
- - --admin-server-port=8133
- - --health-server-port=8134
- - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- - --agent-identifiers=host=$(HOST_IP)
- - --sync-forever=true
- - --keepalive-time=60m
- - --sync-interval=5s
- - --sync-interval-cap=30s
- - --probe-interval=5s
- - --v=3
- command:
- - /proxy-agent
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.hostIP
- image: konnectivityImage
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8134
- initialDelaySeconds: 15
- timeoutSeconds: 15
- name: konnectivity-agent
- resources: {}
- volumeMounts:
- - mountPath: /var/run/secrets/tokens
- name: konnectivity-agent-token
- readOnly: true
- priorityClassName: system-cluster-critical
- serviceAccountName: konnectivity-agent
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- operator: Exists
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- operator: Exists
- - key: CriticalAddonsOnly
- operator: Exists
- - effect: NoExecute
- key: node.kubernetes.io/not-ready
- operator: Exists
- volumes:
- - name: konnectivity-agent-token
- projected:
- sources:
- - serviceAccountToken:
- audience: system:konnectivity-server
- path: konnectivity-agent-token
- updateStrategy: {}
diff --git a/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/serviceaccount.yaml b/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
deleted file mode 100644
index ad307c56f3..0000000000
--- a/internal/constellation/helm/testdata/GCP/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: konnectivity-agent
- namespace: testNamespace
diff --git a/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml b/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
deleted file mode 100644
index f189cb6a3f..0000000000
--- a/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: system:konnectivity-server
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- apiGroup: rbac.authorization.k8s.io
- kind: User
- name: system:konnectivity-server
diff --git a/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/daemonset.yaml b/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/daemonset.yaml
deleted file mode 100644
index 0f26cfbb98..0000000000
--- a/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- k8s-app: konnectivity-agent
- name: konnectivity-agent
- namespace: testNamespace
-spec:
- selector:
- matchLabels:
- k8s-app: konnectivity-agent
- template:
- metadata:
- labels:
- k8s-app: konnectivity-agent
- spec:
- containers:
- - args:
- - --logtostderr=true
- - --proxy-server-host=127.0.0.1
- - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- - --proxy-server-port=8132
- - --admin-server-port=8133
- - --health-server-port=8134
- - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- - --agent-identifiers=host=$(HOST_IP)
- - --sync-forever=true
- - --keepalive-time=60m
- - --sync-interval=5s
- - --sync-interval-cap=30s
- - --probe-interval=5s
- - --v=3
- command:
- - /proxy-agent
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.hostIP
- image: konnectivityImage
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8134
- initialDelaySeconds: 15
- timeoutSeconds: 15
- name: konnectivity-agent
- resources: {}
- volumeMounts:
- - mountPath: /var/run/secrets/tokens
- name: konnectivity-agent-token
- readOnly: true
- priorityClassName: system-cluster-critical
- serviceAccountName: konnectivity-agent
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- operator: Exists
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- operator: Exists
- - key: CriticalAddonsOnly
- operator: Exists
- - effect: NoExecute
- key: node.kubernetes.io/not-ready
- operator: Exists
- volumes:
- - name: konnectivity-agent-token
- projected:
- sources:
- - serviceAccountToken:
- audience: system:konnectivity-server
- path: konnectivity-agent-token
- updateStrategy: {}
diff --git a/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/serviceaccount.yaml b/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
deleted file mode 100644
index ad307c56f3..0000000000
--- a/internal/constellation/helm/testdata/OpenStack/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: konnectivity-agent
- namespace: testNamespace
diff --git a/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml b/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
deleted file mode 100644
index f189cb6a3f..0000000000
--- a/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: system:konnectivity-server
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- apiGroup: rbac.authorization.k8s.io
- kind: User
- name: system:konnectivity-server
diff --git a/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/daemonset.yaml b/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/daemonset.yaml
deleted file mode 100644
index 0f26cfbb98..0000000000
--- a/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/daemonset.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- k8s-app: konnectivity-agent
- name: konnectivity-agent
- namespace: testNamespace
-spec:
- selector:
- matchLabels:
- k8s-app: konnectivity-agent
- template:
- metadata:
- labels:
- k8s-app: konnectivity-agent
- spec:
- containers:
- - args:
- - --logtostderr=true
- - --proxy-server-host=127.0.0.1
- - --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- - --proxy-server-port=8132
- - --admin-server-port=8133
- - --health-server-port=8134
- - --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- - --agent-identifiers=host=$(HOST_IP)
- - --sync-forever=true
- - --keepalive-time=60m
- - --sync-interval=5s
- - --sync-interval-cap=30s
- - --probe-interval=5s
- - --v=3
- command:
- - /proxy-agent
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.hostIP
- image: konnectivityImage
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8134
- initialDelaySeconds: 15
- timeoutSeconds: 15
- name: konnectivity-agent
- resources: {}
- volumeMounts:
- - mountPath: /var/run/secrets/tokens
- name: konnectivity-agent-token
- readOnly: true
- priorityClassName: system-cluster-critical
- serviceAccountName: konnectivity-agent
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- operator: Exists
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- operator: Exists
- - key: CriticalAddonsOnly
- operator: Exists
- - effect: NoExecute
- key: node.kubernetes.io/not-ready
- operator: Exists
- volumes:
- - name: konnectivity-agent-token
- projected:
- sources:
- - serviceAccountToken:
- audience: system:konnectivity-server
- path: konnectivity-agent-token
- updateStrategy: {}
diff --git a/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/serviceaccount.yaml b/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
deleted file mode 100644
index ad307c56f3..0000000000
--- a/internal/constellation/helm/testdata/QEMU/constellation-services/charts/konnectivity/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
- name: konnectivity-agent
- namespace: testNamespace
diff --git a/internal/versions/versions.go b/internal/versions/versions.go
index b876ed2a42..41223e9f07 100644
--- a/internal/versions/versions.go
+++ b/internal/versions/versions.go
@@ -167,10 +167,6 @@ const ( // These images are built in a way that they support all versions currently listed in VersionConfigs. // - // KonnectivityAgentImage agent image for konnectivity service. - KonnectivityAgentImage = "registry.k8s.io/kas-network-proxy/proxy-agent:v0.1.2@sha256:cd3046d253d26ffb5907c625e0d0c2be05c5693c90e12116980851739fc0ead8" // renovate:container - // KonnectivityServerImage server image for konnectivity service. - KonnectivityServerImage = "registry.k8s.io/kas-network-proxy/proxy-server:v0.1.2@sha256:79933c3779bc30e33bb7509dff913e70f6ba78ad441f4827f0f3e840ce5f3ddb" // renovate:container // GcpGuestImage image for GCP guest agent. // Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml. GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20231016.0.0@sha256:c51ebfc2b67f5a39daba88039e7f8f171d7084656c49c092cc53b0a2318209b2" // renovate:container