helm: move yawol into a separate release (#2904)

internal/constellation/helm/BUILD.bazel

@@ -287,26 +287,6 @@ go_library(
         "charts/edgeless/operators/values.yaml",
         "charts/edgeless/constellation-services/charts/ccm/templates/openstack-daemonset.yaml",
         "charts/edgeless/constellation-services/charts/ccm/templates/openstack-secret.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/Chart.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/README.md",
-        "charts/edgeless/constellation-services/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancermachines.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancers.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancersets.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/templates/_helpers.tpl",
-        "charts/edgeless/constellation-services/charts/yawol-controller/templates/rbac-yawol-cloud-controller.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/templates/rbac-yawol-controller.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/templates/sa-yawol-cloud-controller.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/templates/sa-yawol-controller.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/templates/vpa.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/templates/yawol-cloud-controller.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/templates/yawol-controller.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/templates/yawol-gardener-monitoring.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-controller/values.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-config/.helmignore",
-        "charts/edgeless/constellation-services/charts/yawol-config/Chart.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-config/templates/secret.yaml",
-        "charts/edgeless/constellation-services/charts/yawol-config/values.schema.json",
-        "charts/edgeless/constellation-services/charts/yawol-config/values.yaml",
         "charts/aws-load-balancer-controller/.helmignore",
         "charts/aws-load-balancer-controller/Chart.yaml",
         "charts/aws-load-balancer-controller/README.md",
@@ -452,6 +432,30 @@ go_library(
         "charts/cert-manager/templates/webhook-poddisruptionbudget.yaml",
         "charts/edgeless/constellation-services/charts/autoscaler/templates/coredns-pdb.yaml",
         "charts/cilium/templates/cilium-flowlog-configmap.yaml",
+        "charts/yawol/.helmignore",
+        "charts/yawol/Chart.yaml",
+        "charts/yawol/charts/yawol-config/.helmignore",
+        "charts/yawol/charts/yawol-config/Chart.yaml",
+        "charts/yawol/charts/yawol-config/templates/secret.yaml",
+        "charts/yawol/charts/yawol-config/values.schema.json",
+        "charts/yawol/charts/yawol-config/values.yaml",
+        "charts/yawol/charts/yawol-controller/Chart.yaml",
+        "charts/yawol/charts/yawol-controller/README.md",
+        "charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancermachines.yaml",
+        "charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancers.yaml",
+        "charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancersets.yaml",
+        "charts/yawol/charts/yawol-controller/templates/_helpers.tpl",
+        "charts/yawol/charts/yawol-controller/templates/rbac-yawol-cloud-controller.yaml",
+        "charts/yawol/charts/yawol-controller/templates/rbac-yawol-controller.yaml",
+        "charts/yawol/charts/yawol-controller/templates/sa-yawol-cloud-controller.yaml",
+        "charts/yawol/charts/yawol-controller/templates/sa-yawol-controller.yaml",
+        "charts/yawol/charts/yawol-controller/templates/vpa.yaml",
+        "charts/yawol/charts/yawol-controller/templates/yawol-cloud-controller.yaml",
+        "charts/yawol/charts/yawol-controller/templates/yawol-controller.yaml",
+        "charts/yawol/charts/yawol-controller/templates/yawol-gardener-monitoring.yaml",
+        "charts/yawol/charts/yawol-controller/values.yaml",
+        "charts/yawol/templates/.gitkeep",
+        "charts/yawol/values.yaml",
     ],
     importpath = "github.com/edgelesssys/constellation/v2/internal/constellation/helm",
     visibility = ["//:__subpackages__"],

internal/constellation/helm/charts/edgeless/constellation-services/Chart.yaml

@@ -49,13 +49,3 @@ dependencies:
     version: 0.0.0
     tags:
       - GCP
-  - name: yawol-config
-    version: 0.0.0
-    condition: openstack.deployYawolLoadBalancer
-    tags:
-      - OpenStack
-  - name: yawol-controller
-    version: 0.0.0
-    condition: openstack.deployYawolLoadBalancer
-    tags:
-      - OpenStack

internal/constellation/helm/charts/edgeless/constellation-services/values.yaml

@@ -8,10 +8,6 @@ global:
   # Name of the ConfigMap that holds configs that should not be modified by the user.
   internalCMName: internal-config
 
-# OpenStack specific configuration
-openstack:
-  deployYawolLoadBalancer: false
-
 # Set one of the tags to true to indicate which CSP you are deploying to.
 tags:
   AWS: false

internal/constellation/helm/charts/yawol/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+name: yawol
+description: A chart to deploy the yawol loadbalancer
+type: application
+version: 0.0.0
+dependencies:
+  - name: yawol-config
+    version: 0.0.0
+  - name: yawol-controller
+    version: 0.0.0

internal/constellation/helm/charts/yawol/charts/yawol-config/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

internal/constellation/helm/loader.go

@@ -55,6 +55,7 @@ var (
 	constellationOperatorsInfo = chartInfo{releaseName: "constellation-operators", chartName: "constellation-operators", path: "charts/edgeless/operators"}
 	constellationServicesInfo  = chartInfo{releaseName: "constellation-services", chartName: "constellation-services", path: "charts/edgeless/constellation-services"}
 	csiInfo                    = chartInfo{releaseName: "constellation-csi", chartName: "constellation-csi", path: "charts/edgeless/csi"}
+	yawolLBControllerInfo      = chartInfo{releaseName: "yawol", chartName: "yawol", path: "charts/yawol"}
 )
 
 // chartLoader loads embedded helm charts.
@@ -148,7 +149,7 @@ func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWa
 	}
 	conServicesRelease.values = mergeMaps(conServicesRelease.values, svcVals)
 
-	releases := releaseApplyOrder{ciliumRelease, conServicesRelease, certManagerRelease}
+	releases := releaseApplyOrder{ciliumRelease, conServicesRelease, certManagerRelease, operatorRelease}
 	if deployCSIDriver {
 		csiRelease, err := i.loadRelease(csiInfo, helmWaitMode)
 		if err != nil {
@@ -168,7 +169,19 @@ func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWa
 		}
 		releases = append(releases, awsRelease)
 	}
-	releases = append(releases, operatorRelease)
+	if i.csp == cloudprovider.OpenStack && openStackCfg.DeployYawolLoadBalancer != nil && *openStackCfg.DeployYawolLoadBalancer {
+		yawolRelease, err := i.loadRelease(yawolLBControllerInfo, helmWaitMode)
+		if err != nil {
+			return nil, fmt.Errorf("loading yawol chart: %w", err)
+		}
+
+		yawolVals, err := extraYawolValues(serviceAccURI, i.stateFile.Infrastructure, openStackCfg)
+		if err != nil {
+			return nil, fmt.Errorf("extending yawol chart values: %w", err)
+		}
+		yawolRelease.values = mergeMaps(yawolRelease.values, yawolVals)
+		releases = append(releases, yawolRelease)
+	}
 
 	return releases, nil
 }

internal/constellation/helm/overrides.go

@@ -110,25 +110,6 @@ func extraConstellationServicesValues(
 				"secretData": credsIni,
 			},
 		}
-		yawolIni := creds.CloudINI().YawolConfiguration()
-		extraVals["yawol-config"] = map[string]any{
-			"secretData": yawolIni,
-		}
-		extraVals["openstack"] = map[string]any{
-			"deployYawolLoadBalancer": openStackCfg.DeployYawolLoadBalancer != nil && *openStackCfg.DeployYawolLoadBalancer,
-		}
-		if openStackCfg.DeployYawolLoadBalancer != nil && *openStackCfg.DeployYawolLoadBalancer {
-			extraVals["yawol-controller"] = map[string]any{
-				"yawolOSSecretName": "yawolkey",
-				// has to be larger than ~30s to account for slow OpenStack API calls.
-				"openstackTimeout": "1m",
-				"yawolFloatingID":  openStackCfg.FloatingIPPoolID,
-				"yawolFlavorID":    openStackCfg.YawolFlavorID,
-				"yawolImageID":     openStackCfg.YawolImageID,
-				"yawolNetworkID":   output.OpenStack.NetworkID,
-				"yawolAPIHost":     fmt.Sprintf("https://%s:%d", output.InClusterEndpoint, constants.KubernetesPort),
-			}
-		}
 	case cloudprovider.GCP:
 		serviceAccountKey, err := gcpshared.ServiceAccountKeyFromURI(serviceAccURI)
 		if err != nil {
@@ -167,6 +148,35 @@ func extraConstellationServicesValues(
 	return extraVals, nil
 }
 
+// extraYawolValues extends the given values map by some values depending on user input.
+// Values set inside this function are only applied during init, not during upgrade.
+func extraYawolValues(serviceAccURI string, output state.Infrastructure, openStackCfg *config.OpenStackConfig) (map[string]any, error) {
+	extraVals := map[string]any{}
+
+	creds, err := openstack.AccountKeyFromURI(serviceAccURI)
+	if err != nil {
+		return nil, err
+	}
+	yawolIni := creds.CloudINI().YawolConfiguration()
+	extraVals["yawol-config"] = map[string]any{
+		"secretData": yawolIni,
+	}
+	if openStackCfg.DeployYawolLoadBalancer != nil && *openStackCfg.DeployYawolLoadBalancer {
+		extraVals["yawol-controller"] = map[string]any{
+			"yawolOSSecretName": "yawolkey",
+			// has to be larger than ~30s to account for slow OpenStack API calls.
+			"openstackTimeout": "1m",
+			"yawolFloatingID":  openStackCfg.FloatingIPPoolID,
+			"yawolFlavorID":    openStackCfg.YawolFlavorID,
+			"yawolImageID":     openStackCfg.YawolImageID,
+			"yawolNetworkID":   output.OpenStack.NetworkID,
+			"yawolAPIHost":     fmt.Sprintf("https://%s:%d", output.InClusterEndpoint, constants.KubernetesPort),
+		}
+	}
+
+	return extraVals, nil
+}
+
 // cloudConfig is used to marshal the cloud config for the Kubernetes Cloud Controller Manager on Azure.
 type cloudConfig struct {
 	Cloud                       string `json:"cloud,omitempty"`