From a66ee73022155d20f664f29a7092a5d3b027e80f Mon Sep 17 00:00:00 2001
From: Roman Tkachenko
Date: Mon, 9 Sep 2019 10:06:32 -0700
Subject: [PATCH] Add allowPrivileged manifest field. (#623)
---
 Makefile | 4 ++--
 lib/localenv/localenv.go | 34 ++++++++++++++++++++++++++++---
 lib/ops/opsservice/configure.go | 4 ++++
 lib/schema/manifest.go | 3 +++
 lib/schema/schema.go | 1 +
 tool/gravity/cli/clusterupdate.go | 7 +------
 tool/gravity/cli/ops.go | 6 +++---
 7 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/Makefile b/Makefile
index d2178b609d..b2b580e009 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@ GRAVITY_PKG_PATH ?= github.com/gravitational/gravity
 ASSETSDIR=$(TOP)/assets
 BINDIR ?= /usr/bin
-# Current Kubernetes version: 1.15.3
+# Current Kubernetes version
 K8S_VER := 1.15.3
 # Kubernetes version suffix for the planet package, constructed by concatenating
 # major + minor padded to 2 chars with 0 + patch also padded to 2 chars, e.g.
@@ -42,7 +42,7 @@ RELEASE_OUT ?=
 TELEPORT_TAG = 3.2.7
 # TELEPORT_REPOTAG adapts TELEPORT_TAG to the teleport tagging scheme
 TELEPORT_REPOTAG := v$(TELEPORT_TAG)
-PLANET_TAG := 6.1.2-$(K8S_VER_SUFFIX)
+PLANET_TAG := 6.1.3-$(K8S_VER_SUFFIX)
 PLANET_BRANCH := $(PLANET_TAG)
 K8S_APP_TAG := $(GRAVITY_TAG)
 TELEKUBE_APP_TAG := $(GRAVITY_TAG)
diff --git a/lib/localenv/localenv.go b/lib/localenv/localenv.go
index f16a1e2715..c5b30daa68 100644
--- a/lib/localenv/localenv.go
+++ b/lib/localenv/localenv.go
@@ -486,6 +486,27 @@ func (env *LocalEnvironment) AppService(opsCenterURL string, config AppConfig, o
 return client, nil
 }
+// AppServiceCluster creates the *local* app service that uses the cluster's
+// backend (etcd) and packages (via HTTP client).
+//
+// The local service is needed to handle cases such as newly introduced
+// manifest field which gravity-site (that may be running the old code)
+// does not recognize.
+func (env *LocalEnvironment) AppServiceCluster() (appbase.Applications, error) {
+ clusterEnv, err := env.NewClusterEnvironment()
+ if err != nil {
+ return nil, trace.Wrap(err)
+ }
+ clusterPackages, err := env.ClusterPackages()
+ if err != nil {
+ return nil, trace.Wrap(err)
+ }
+ return env.AppServiceLocal(AppConfig{
+ Backend: clusterEnv.Backend,
+ Packages: clusterPackages,
+ })
+}
+
 func (env *LocalEnvironment) AppServiceLocal(config AppConfig) (service appbase.Applications, err error) {
 var imageService docker.ImageService
 var dockerClient docker.DockerInterface
@@ -503,6 +524,12 @@ func (env *LocalEnvironment) AppServiceLocal(config AppConfig) (service appbase.
 return nil, trace.Wrap(err)
 }
 }
+
+ backend := env.Backend
+ if config.Backend != nil {
+ backend = config.Backend
+ }
+
 var packages pack.PackageService
 if config.Packages != nil {
 packages = config.Packages
@@ -511,7 +538,7 @@ func (env *LocalEnvironment) AppServiceLocal(config AppConfig) (service appbase.
 }
 return appservice.New(appservice.Config{
- Backend: env.Backend,
+ Backend: backend,
 Packages: packages,
 DockerClient: dockerClient,
 ImageService: imageService,
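Review bot: The doc comment on the new `AppServiceCluster` says why a local service is needed but not what it skips: the returned service is wired to `clusterEnv.Backend` directly rather than going through gravity-site, so any validation or access checks that the gravity-site API applies presumably do not run on this path (the service internals are outside the hunk). I would add a line such as `// It bypasses gravity-site, so callers must already be trusted to access the cluster backend directly.` In the same function, `clusterEnv` returned by `env.NewClusterEnvironment()` is never released; if that type owns connections and offers a close method, the function should either close it or document who does.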
@@ -576,9 +603,10 @@ type AppConfig struct {
 //
 // This attribute is only applicable in a local planet environment
 RegistryURL string
- // Packages allow to override default env.Packages when creating
- // an app service
+ // Packages allows to override default packages when creating the service
 Packages pack.PackageService
+ // Backend allows to override default backend when creating the service
+ Backend storage.Backend
 }
 // NewOpsClient creates a new client to Operator service using the specified
diff --git a/lib/ops/opsservice/configure.go b/lib/ops/opsservice/configure.go
index 4858c1f0dc..454bf0f26c 100644
--- a/lib/ops/opsservice/configure.go
+++ b/lib/ops/opsservice/configure.go
@@ -1037,6 +1037,10 @@ func (s *site) getPlanetConfig(config planetConfig) (args []string, err error) {
 args = append(args, "--disable-flannel=true")
 }
+ if manifest.SystemOptions != nil && manifest.SystemOptions.AllowPrivileged {
+ args = append(args, "--allow-privileged=true")
+ }
+
 for k, v := range overrideArgs {
 args = append(args, fmt.Sprintf("--%v=%v", k, v))
 }
diff --git a/lib/schema/manifest.go b/lib/schema/manifest.go
index 49af907b76..db4b711dad 100644
--- a/lib/schema/manifest.go
+++ b/lib/schema/manifest.go
@@ -980,6 +980,9 @@ type SystemOptions struct {
 BaseImage string `json:"baseImage,omitempty"`
 // Dependencies defines additional package dependencies
 Dependencies SystemDependencies `json:"dependencies"`
+ // AllowPrivileged controls whether privileged containers will be allowed
+ // in the cluster.
+ AllowPrivileged bool `json:"allowPrivileged,omitempty"`
 }
 // Runtime describes the application runtime
diff --git a/lib/schema/schema.go b/lib/schema/schema.go
index 81a39d3b6f..ff2db2ed30 100644
--- a/lib/schema/schema.go
+++ b/lib/schema/schema.go
@@ -70,6 +70,7 @@ const manifestSchema = `
 }
 },
 "baseImage": {"type": "string"},
+ "allowPrivileged": {"type": "boolean"},
 "logo": {"type": "string"},
 "releaseNotes": {"type": "string"},
 "endpoints": {
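Review bot: The added `--allow-privileged=true` branch in getPlanetConfig lets a value read from the application manifest relax a cluster-wide container restriction, and nothing at this point records that it did. A log entry, or at minimum a comment such as `// Manifest opt-in: permits privileged containers cluster-wide; emitted only when the manifest sets it.`, would make the relaxation visible when an install or upgrade is reviewed. Separately, the `overrideArgs` loop right after appends `--%v=%v` for every key, so if that map can carry `allow-privileged` the flag would be passed twice with possibly different values; where `overrideArgs` is filled is outside the hunk, so this needs checking against the rest of the function. The function body starts and ends outside the hunk.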
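Review bot: The field comment on `AllowPrivileged` in SystemOptions states neither the default nor what enabling it costs. The zero value leaves the option off, and `true` lifts the restriction for every workload in the cluster, so I would spell that out, for example `// AllowPrivileged, when true, permits privileged containers cluster-wide.` followed by `// Defaults to false; privileged containers get host-level access, so enable only when required.` The struct starts outside the hunk.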
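Review bot: The `allowPrivileged` schema property is added next to `logo`, `releaseNotes` and `endpoints`, which read like manifest-level properties, while the Go field is declared on `SystemOptions` in lib/schema/manifest.go. The enclosing schema object is outside the hunk, so this may be correct, but if this block is not the system-options properties object the schema would accept the key at a place the struct never reads, and strict additional-property checking could reject it where the struct expects it. A manifest test that sets the option under the system options section and asserts both successful validation and `AllowPrivileged == true` after parsing would settle it.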
diff --git a/tool/gravity/cli/clusterupdate.go b/tool/gravity/cli/clusterupdate.go
index 98cec098d9..976e96f2bd 100644
--- a/tool/gravity/cli/clusterupdate.go
+++ b/tool/gravity/cli/clusterupdate.go
@@ -24,7 +24,6 @@ import (
 "github.com/gravitational/gravity/lib/defaults"
 "github.com/gravitational/gravity/lib/fsm"
 libfsm "github.com/gravitational/gravity/lib/fsm"
- "github.com/gravitational/gravity/lib/httplib"
 "github.com/gravitational/gravity/lib/loc"
 "github.com/gravitational/gravity/lib/localenv"
 "github.com/gravitational/gravity/lib/ops"
@@ -322,11 +321,7 @@ func checkForUpdate(
 return nil, trace.Wrap(err)
 }
- apps, err := env.AppService(
- defaults.GravityServiceURL,
- localenv.AppConfig{},
- httplib.WithLocalResolver(env.DNS.Addr()),
- httplib.WithInsecure())
+ apps, err := env.AppServiceCluster()
 if err != nil {
 return nil, trace.Wrap(err)
 }
diff --git a/tool/gravity/cli/ops.go b/tool/gravity/cli/ops.go
index 064ce194d3..89367eb209 100644
--- a/tool/gravity/cli/ops.go
+++ b/tool/gravity/cli/ops.go
@@ -136,7 +136,7 @@ func uploadUpdate(env *localenv.LocalEnvironment, opsURL string) error {
 return trace.Wrap(err)
 }
- clusterApps, err := defaultEnv.SiteApps()
+ clusterApps, err := defaultEnv.AppServiceCluster()
 if err != nil {
 return trace.Wrap(err)
 }
@@ -197,8 +197,8 @@ func uploadUpdate(env *localenv.LocalEnvironment, opsURL string) error {
 return trace.Wrap(err)
 }
 err = appservice.SyncApp(context.TODO(), appservice.SyncRequest{
- PackService: clusterPackages,
- AppService: clusterApps,
+ PackService: tarballPackages,
+ AppService: tarballApps,
 ImageService: imageService,
 Package: *appPackage,
 })
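Review bot: In the `appservice.SyncRequest` passed to `SyncApp`, the services change from `clusterPackages`/`clusterApps` to `tarballPackages`/`tarballApps`, which appears to change where the sync reads the application from, yet neither the commit subject nor the code explains it. A short comment above the call saying why the tarball-side services are the source here would keep a later reader from reverting it as a typo. `uploadUpdate` starts and ends outside the hunk, so how the cluster-side services are used before this call cannot be checked from here.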