Cleaning up new installation process (#97)

removing exec mod from scripts removing unused files adding issuer and certificate objects for cert-manager setup changing hooks' weights removing unused script
fluidos-project · Jul 9, 2024 · 93ea592 · 93ea592
1 parent d945c92
commit 93ea592
Show file tree

Hide file tree

Showing 10 changed files with 147 additions and 35 deletions.
diff --git a/deployments/node/templates/fluidos-configure-liqo-cm-authz.yaml b/deployments/node/templates/fluidos-configure-liqo-cm-authz.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations:
+    kubernetes.io/enforce-mountable-secrets: "true"
+  name: configure-liqo-cm-sa
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: manage-liqo-cm-clusterrole
+rules:
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  verbs: ["get", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: list-nodes
+rules:
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: manage-liqo-cm-clusterrolebinding
+subjects:
+- kind: ServiceAccount
+  name: configure-liqo-cm-sa
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: manage-liqo-cm-clusterrole
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: list-nodes-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: list-nodes
+subjects:
+- kind: ServiceAccount
+  name: configure-liqo-cm-sa
+  namespace: {{ .Release.Namespace }}
diff --git a/deployments/node/templates/fluidos-liqo-controller-manager-role.yaml b/deployments/node/templates/fluidos-liqo-controller-manager-role.yaml
diff --git a/deployments/node/templates/fluidos-lqo-controller-manager-rolebinding.yaml b/deployments/node/templates/fluidos-lqo-controller-manager-rolebinding.yaml
diff --git a/deployments/node/templates/fluidos-post-install-hook.yaml b/deployments/node/templates/fluidos-post-install-hook.yaml
@@ -2,6 +2,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   name: configure-liqo
+  namespace: {{ .Release.Namespace }}
   labels:
     app: liqo
   annotations:
@@ -10,10 +11,11 @@ metadata:
 spec:
   template:
     spec:
-      serviceAccountName: default
+      serviceAccountName: helm-service-account
+      hostNetwork: true
       containers:
         - name: configure-liqo
-          image: bitnami/kubectl:latest
+          image: dtzar/helm-kubectl:latest
           command: ["/bin/sh", "-c", "cp /scripts/configure-liqo.sh /tmp/configure-liqo.sh && chmod +x /tmp/configure-liqo.sh && /tmp/configure-liqo.sh"]
           volumeMounts:
             - name: script

diff --git a/deployments/node/templates/fluidos-pre-install-hook-authz.yaml b/deployments/node/templates/fluidos-pre-install-hook-authz.yaml
@@ -5,15 +5,15 @@ metadata:
   namespace: fluidos
   annotations:
     "helm.sh/hook": pre-install
-    "helm.sh/hook-weight": "-2"
+    "helm.sh/hook-weight": "-4"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: admin-cluster-role
   annotations:
     "helm.sh/hook": pre-install
-    "helm.sh/hook-weight": "-2"
+    "helm.sh/hook-weight": "-4"
 rules:
   - apiGroups: ["*"]
     resources: ["*"]
@@ -25,7 +25,7 @@ metadata:
   name: admin-cluster-rolebinding
   annotations:
     "helm.sh/hook": pre-install
-    "helm.sh/hook-weight": "-2"
+    "helm.sh/hook-weight": "-4"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

diff --git a/deployments/node/templates/fluidos-pre-install-hook-cm.yaml b/deployments/node/templates/fluidos-pre-install-hook-cm.yaml
@@ -5,7 +5,7 @@ metadata:
   namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/hook": pre-install
-    "helm.sh/hook-weight": "-1"
+    "helm.sh/hook-weight": "-3"
 data:
   pre-install.sh: |
     #!/bin/bash
@@ -26,9 +26,9 @@ data:
             echo "Installing metrics-server..."
             helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/
             helm repo update
-            helm install metrics-server metrics-server/metrics-server -n kube-system --set defaultArgs='{--kubelet-insecure-tls,--kubelet-preferred-address-types=InternalIP\,ExternalIP\,Hostname,--cert-dir=/tmp,--kubelet-use-node-status-port}'
+            helm install metrics-server metrics-server/metrics-server -n kube-system --set args='{--kubelet-insecure-tls,--kubelet-preferred-address-types=InternalIP\,ExternalIP\,Hostname,--cert-dir=/tmp,--kubelet-use-node-status-port}'
             echo "Waiting for metrics-server to be ready"
-            kubectl wait --for=condition=ready pod -l k8s-app=metrics-server -n kube-system --timeout=400s
+            kubectl wait --for=condition=ready pod -l k8s-app=metrics-server -n kube-system --timeout=300s
         else
             echo "metrics-server is already installed."
         fi
@@ -42,6 +42,10 @@ data:
             helm repo update
             kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml
             helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace
+
+            echo "Waiting for cert-manager to be ready"
+            kubectl wait --for=condition=ready pod -l app.kubernetes.io/component=controller -n cert-manager --timeout=300s
+
         else
             echo "cert-manager is already installed."
         fi
@@ -63,7 +67,7 @@ data:
             liqoctl install $provider --cluster-name $provider --only-output-values --dump-values-path="values-liqo.yaml"
             helm repo add liqo https://helm.liqo.io/
             helm repo update
-            helm install liqo liqo/liqo -f values-liqo.yaml -n liqo --create-namespace
+            helm install liqo liqo/liqo -f values-liqo.yaml -n liqo --set discovery.config.enableAdvertisement=false --create-namespace --kubeconfig "$KUBECONFIG"
             rm values-liqo.yaml
         else
             echo "liqo is already installed."
@@ -87,8 +91,8 @@ data:
         # Install dependencies
         install_metrics_server
         install_cert_manager
-        install_liqo $1
+        # install_liqo $1
     }
 
     # Run the main script with provider as parameter
-    main $1
+    main $1
diff --git a/deployments/node/templates/fluidos-pre-install-hook-job.yaml b/deployments/node/templates/fluidos-pre-install-hook-job.yaml
@@ -3,8 +3,10 @@ kind: Job
 metadata:
   name: pre-install-job
   namespace: {{ .Release.Namespace }}
-  labels:
-    app: my-app
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "-2"
+    "helm.sh/hook-delete-policy": hook-succeeded
 spec:
   template:
     spec:

diff --git a/deployments/node/templates/fluidos-pre-install-issuer-and-cert.yaml b/deployments/node/templates/fluidos-pre-install-issuer-and-cert.yaml
@@ -0,0 +1,33 @@
+{{- $resManagerConfig := (merge (dict "name" "local-resource-manager" "module" "local-resource-manager") .) -}}
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "-1"
+  labels:
+    {{- include "fluidos.labels" $resManagerConfig | nindent 4 }}
+  name: fluidos-self-signed
+  namespace: {{ .Release.Namespace }}
+spec:
+  selfSigned: {}
+---
+{{- $rearManagerConfig := (merge (dict "name" "rear-manager" "module" "rear-manager") .) -}}
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "-1"
+  name: {{ include "fluidos.prefixedName" $rearManagerConfig }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  dnsNames:
+  - {{ include "fluidos.prefixedName" $rearManagerConfig }}.{{ .Release.Namespace }}.svc
+  - {{ include "fluidos.prefixedName" $rearManagerConfig }}.{{ .Release.Namespace }}.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: fluidos-self-signed
+  secretName: {{ include "fluidos.prefixedName" $rearManagerConfig }}
diff --git a/tools/scripts/install_liqo.sh b/tools/scripts/install_liqo.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+
+# Function to check if liqoctl is installed
+check_and_install_liqoctl() {
+  if ! command -v liqoctl &> /dev/null; then
+    echo "liqoctl not found. Installing liqoctl..."
+    # Example installation command for liqoctl, you may need to update this based on the official installation instructions
+    curl -sL https://get.liqo.io | bash || { echo "Failed to install liqoctl"; exit 1; }
+    echo "liqoctl installed successfully."
+  else
+    echo "liqoctl is already installed."
+  fi
+}
+
+# Check if provider parameter is provided
+if [ -z "$1" ]; then
+  echo "No provider specified. Please provide a cloud provider (aws, azure, gcp, etc.)."
+  exit 1
+fi
+
+check_and_install_liqoctl
+
+# Get the provider parameter
+PROVIDER=$1
+
+control_plane_node=$(kubectl get nodes -l node-role.kubernetes.io/control-plane -o jsonpath='{.items[0].metadata.name}')
+cluster_name=${control_plane_node%-control-plane}
+
+
+# Install Liqo based on the provider
+liqoctl install "$PROVIDER" --cluster-name "$cluster_name" || { echo "Failed to install Liqo for provider: $PROVIDER"; exit 1; }
+# liqoctl install "$PROVIDER" || { echo "Failed to install Liqo for provider: $PROVIDER"; exit 1; }
+
+echo "Liqo installation for provider $PROVIDER completed successfully."
diff --git a/tools/scripts/installation.sh b/tools/scripts/installation.sh
@@ -206,6 +206,11 @@ function install_components() {
                 fi
         fi
 
+        # Install liqo
+        chmod +x "$SCRIPT_DIR"/install_liqo.sh
+        "$SCRIPT_DIR"/install_liqo.sh "$installation_type" || { echo "Failed to install Liqo in cluster $cluster"; exit 1; }
+        chmod -x "$SCRIPT_DIR"/install_liqo.sh
+
         # Skipping the installation of the node Helm chart if the cluster is a provider and its installation type is not kind
         if [ "$(jq -r '.role' <<< "${clusters[$cluster]}")" == "provider" ] && [ "$installation_type" != "kind" ]; then
             echo "Skipping FLUIDOS Node installation in a cluster not managed by the user"
@@ -227,13 +232,15 @@ function install_components() {
                 --set "provider=$installation_type" \
                 --set "networkManager.configMaps.nodeIdentity.ip=$ip:$port" \
                 --set "networkManager.configMaps.providers.local=${providers_ips[$cluster]}" \
+                --wait \
                 --kubeconfig $KUBECONFIG
             else
                 echo "Installing remote repositories in cluster $cluster with local resource manager"
                 helm upgrade --install node fluidos/node -n fluidos --create-namespace -f "$value_file" \
                 --set "provider=$installation_type" \
                 --set "networkManager.configMaps.nodeIdentity.ip=$ip:$port" \
                 --set 'networkManager.configMaps.providers.local'="${providers_ips[$cluster]}" \
+                --wait \
                 --kubeconfig "$KUBECONFIG"
             fi
         fi