Add allowPrivileged manifest field. (#623)

gravitational · Sep 9, 2019 · a66ee73 · a66ee73
1 parent 3af437d
commit a66ee73
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 14 deletions.
diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@ GRAVITY_PKG_PATH ?= github.com/gravitational/gravity
 ASSETSDIR=$(TOP)/assets
 BINDIR ?= /usr/bin
 
-# Current Kubernetes version: 1.15.3
+# Current Kubernetes version
 K8S_VER := 1.15.3
 # Kubernetes version suffix for the planet package, constructed by concatenating
 # major + minor padded to 2 chars with 0 + patch also padded to 2 chars, e.g.
@@ -42,7 +42,7 @@ RELEASE_OUT ?=
 TELEPORT_TAG = 3.2.7
 # TELEPORT_REPOTAG adapts TELEPORT_TAG to the teleport tagging scheme
 TELEPORT_REPOTAG := v$(TELEPORT_TAG)
-PLANET_TAG := 6.1.2-$(K8S_VER_SUFFIX)
+PLANET_TAG := 6.1.3-$(K8S_VER_SUFFIX)
 PLANET_BRANCH := $(PLANET_TAG)
 K8S_APP_TAG := $(GRAVITY_TAG)
 TELEKUBE_APP_TAG := $(GRAVITY_TAG)

diff --git a/lib/localenv/localenv.go b/lib/localenv/localenv.go
@@ -486,6 +486,27 @@ func (env *LocalEnvironment) AppService(opsCenterURL string, config AppConfig, o
 	return client, nil
 }
 
+// AppServiceCluster creates the *local* app service that uses the cluster's
+// backend (etcd) and packages (via HTTP client).
+//
+// The local service is needed to handle cases such as newly introduced
+// manifest field which gravity-site (that may be running the old code)
+// does not recognize.
+func (env *LocalEnvironment) AppServiceCluster() (appbase.Applications, error) {
+	clusterEnv, err := env.NewClusterEnvironment()
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	clusterPackages, err := env.ClusterPackages()
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return env.AppServiceLocal(AppConfig{
+		Backend:  clusterEnv.Backend,
+		Packages: clusterPackages,
+	})
+}
+
 func (env *LocalEnvironment) AppServiceLocal(config AppConfig) (service appbase.Applications, err error) {
 	var imageService docker.ImageService
 	var dockerClient docker.DockerInterface
@@ -503,6 +524,12 @@ func (env *LocalEnvironment) AppServiceLocal(config AppConfig) (service appbase.
 			return nil, trace.Wrap(err)
 		}
 	}
+
+	backend := env.Backend
+	if config.Backend != nil {
+		backend = config.Backend
+	}
+
 	var packages pack.PackageService
 	if config.Packages != nil {
 		packages = config.Packages
@@ -511,7 +538,7 @@ func (env *LocalEnvironment) AppServiceLocal(config AppConfig) (service appbase.
 	}
 
 	return appservice.New(appservice.Config{
-		Backend:      env.Backend,
+		Backend:      backend,
 		Packages:     packages,
 		DockerClient: dockerClient,
 		ImageService: imageService,
@@ -576,9 +603,10 @@ type AppConfig struct {
 	//
 	// This attribute is only applicable in a local planet environment
 	RegistryURL string
-	// Packages allow to override default env.Packages when creating
-	// an app service
+	// Packages allows to override default packages when creating the service
 	Packages pack.PackageService
+	// Backend allows to override default backend when creating the service
+	Backend storage.Backend
 }
 
 // NewOpsClient creates a new client to Operator service using the specified

diff --git a/lib/ops/opsservice/configure.go b/lib/ops/opsservice/configure.go
@@ -1037,6 +1037,10 @@ func (s *site) getPlanetConfig(config planetConfig) (args []string, err error) {
 		args = append(args, "--disable-flannel=true")
 	}
 
+	if manifest.SystemOptions != nil && manifest.SystemOptions.AllowPrivileged {
+		args = append(args, "--allow-privileged=true")
+	}
+
 	for k, v := range overrideArgs {
 		args = append(args, fmt.Sprintf("--%v=%v", k, v))
 	}

diff --git a/lib/schema/manifest.go b/lib/schema/manifest.go
@@ -980,6 +980,9 @@ type SystemOptions struct {
 	BaseImage string `json:"baseImage,omitempty"`
 	// Dependencies defines additional package dependencies
 	Dependencies SystemDependencies `json:"dependencies"`
+	// AllowPrivileged controls whether privileged containers will be allowed
+	// in the cluster.
+	AllowPrivileged bool `json:"allowPrivileged,omitempty"`
 }
 
 // Runtime describes the application runtime

diff --git a/lib/schema/schema.go b/lib/schema/schema.go
@@ -70,6 +70,7 @@ const manifestSchema = `
           }
         },
         "baseImage": {"type": "string"},
+        "allowPrivileged": {"type": "boolean"},
         "logo": {"type": "string"},
         "releaseNotes": {"type": "string"},
         "endpoints": {

diff --git a/tool/gravity/cli/clusterupdate.go b/tool/gravity/cli/clusterupdate.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gravitational/gravity/lib/defaults"
 	"github.com/gravitational/gravity/lib/fsm"
 	libfsm "github.com/gravitational/gravity/lib/fsm"
-	"github.com/gravitational/gravity/lib/httplib"
 	"github.com/gravitational/gravity/lib/loc"
 	"github.com/gravitational/gravity/lib/localenv"
 	"github.com/gravitational/gravity/lib/ops"
@@ -322,11 +321,7 @@ func checkForUpdate(
 		return nil, trace.Wrap(err)
 	}
 
-	apps, err := env.AppService(
-		defaults.GravityServiceURL,
-		localenv.AppConfig{},
-		httplib.WithLocalResolver(env.DNS.Addr()),
-		httplib.WithInsecure())
+	apps, err := env.AppServiceCluster()
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}

diff --git a/tool/gravity/cli/ops.go b/tool/gravity/cli/ops.go
@@ -136,7 +136,7 @@ func uploadUpdate(env *localenv.LocalEnvironment, opsURL string) error {
 		return trace.Wrap(err)
 	}
 
-	clusterApps, err := defaultEnv.SiteApps()
+	clusterApps, err := defaultEnv.AppServiceCluster()
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -197,8 +197,8 @@ func uploadUpdate(env *localenv.LocalEnvironment, opsURL string) error {
 			return trace.Wrap(err)
 		}
 		err = appservice.SyncApp(context.TODO(), appservice.SyncRequest{
-			PackService:  clusterPackages,
-			AppService:   clusterApps,
+			PackService:  tarballPackages,
+			AppService:   tarballApps,
 			ImageService: imageService,
 			Package:      *appPackage,
 		})