ensure host ca bundle configmap

Author: sgalsaleh

api/controllers/app/controller.go

@@ -20,6 +20,7 @@ import (
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	"github.com/sirupsen/logrus"
 	helmcli "helm.sh/helm/v3/pkg/cli"
+	"k8s.io/client-go/metadata"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	kyaml "sigs.k8s.io/yaml"
 )
@@ -52,6 +53,7 @@ type AppController struct {
 	releaseData                *release.ReleaseData
 	hcli                       helm.Client
 	kcli                       client.Client
+	mcli                       metadata.Interface
 	preflightRunner            preflights.PreflightRunnerInterface
 	kubernetesEnvSettings      *helmcli.EnvSettings
 	store                      store.Store
@@ -129,6 +131,12 @@ func WithKubeClient(kcli client.Client) AppControllerOption {
 	}
 }
 
+func WithMetadataClient(mcli metadata.Interface) AppControllerOption {
+	return func(c *AppController) {
+		c.mcli = mcli
+	}
+}
+
 func WithKubernetesEnvSettings(envSettings *helmcli.EnvSettings) AppControllerOption {
 	return func(c *AppController) {
 		c.kubernetesEnvSettings = envSettings
@@ -262,6 +270,7 @@ func NewAppController(opts ...AppControllerOption) (*AppController, error) {
 			appinstallmanager.WithAirgapBundle(controller.airgapBundle),
 			appinstallmanager.WithAppInstallStore(controller.store.AppInstallStore()),
 			appinstallmanager.WithKubeClient(controller.kcli),
+			appinstallmanager.WithMetadataClient(controller.mcli),
 			appinstallmanager.WithKubernetesEnvSettings(controller.kubernetesEnvSettings),
 			appinstallmanager.WithHelmClient(controller.hcli),
 		)

api/controllers/app/install.go

@@ -20,6 +20,7 @@ type InstallAppOptions struct {
 	IgnoreAppPreflights bool
 	ProxySpec           *ecv1beta1.ProxySpec
 	RegistrySettings    *types.RegistrySettings
+	HostCABundlePath    string
 }
 
 // InstallApp triggers app installation with proper state transitions and panic handling
@@ -72,12 +73,6 @@ func (c *AppController) InstallApp(ctx context.Context, opts InstallAppOptions)
 		return fmt.Errorf("get app config values for app install: %w", err)
 	}
 
-	// Get KOTS config values for KOTS CLI install
-	kotsConfigValues, err := c.appConfigManager.GetKotsadmConfigValues()
-	if err != nil {
-		return fmt.Errorf("get kotsadm config values for app install: %w", err)
-	}
-
 	// Extract installable Helm charts from release manager
 	installableCharts, err := c.appReleaseManager.ExtractInstallableHelmCharts(ctx, appConfigValues, opts.ProxySpec, opts.RegistrySettings)
 	if err != nil {
@@ -116,8 +111,8 @@ func (c *AppController) InstallApp(ctx context.Context, opts InstallAppOptions)
 			return fmt.Errorf("set status to running: %w", err)
 		}
 
-		// Install the app with installable charts and KOTS CLI
-		err = c.appInstallManager.Install(ctx, installableCharts, kotsConfigValues, opts.RegistrySettings)
+		// Install the app with installable charts
+		err = c.appInstallManager.Install(ctx, installableCharts, opts.RegistrySettings, opts.HostCABundlePath)
 		if err != nil {
 			return fmt.Errorf("install app: %w", err)
 		}

api/controllers/app/tests/test_suite.go

@@ -509,23 +509,15 @@ func (s *AppControllerTestSuite) TestInstallApp() {
 				appConfigValues := types.AppConfigValues{
 					"test-key": types.AppConfigValue{Value: "test-value"},
 				}
-				kotsConfigValues := kotsv1beta1.ConfigValues{
-					Spec: kotsv1beta1.ConfigValuesSpec{
-						Values: map[string]kotsv1beta1.ConfigValue{
-							"test-key": {Value: "test-value"},
-						},
-					},
-				}
 				mock.InOrder(
 					acm.On("GetConfigValues").Return(appConfigValues, nil),
-					acm.On("GetKotsadmConfigValues").Return(kotsConfigValues, nil),
 					arm.On("ExtractInstallableHelmCharts", mock.Anything, appConfigValues, mock.AnythingOfType("*v1beta1.ProxySpec"), mock.AnythingOfType("*types.RegistrySettings")).Return(expectedCharts, nil),
 
 					store.AppInstallMockStore.On("SetStatus", mock.MatchedBy(func(status types.Status) bool {
 						return status.State == types.StateRunning
 					})).Return(nil),
 
-					aim.On("Install", mock.Anything, expectedCharts, kotsConfigValues).Return(nil),
+					aim.On("Install", mock.Anything, expectedCharts, mock.AnythingOfType("*types.RegistrySettings"), mock.AnythingOfType("string")).Return(nil),
 
 					store.AppInstallMockStore.On("SetStatus", mock.MatchedBy(func(status types.Status) bool {
 						return status.State == types.StateSucceeded
@@ -542,23 +534,15 @@ func (s *AppControllerTestSuite) TestInstallApp() {
 				appConfigValues := types.AppConfigValues{
 					"test-key": types.AppConfigValue{Value: "test-value"},
 				}
-				kotsConfigValues := kotsv1beta1.ConfigValues{
-					Spec: kotsv1beta1.ConfigValuesSpec{
-						Values: map[string]kotsv1beta1.ConfigValue{
-							"test-key": {Value: "test-value"},
-						},
-					},
-				}
 				mock.InOrder(
 					acm.On("GetConfigValues").Return(appConfigValues, nil),
-					acm.On("GetKotsadmConfigValues").Return(kotsConfigValues, nil),
 					arm.On("ExtractInstallableHelmCharts", mock.Anything, appConfigValues, mock.AnythingOfType("*v1beta1.ProxySpec"), mock.AnythingOfType("*types.RegistrySettings")).Return([]types.InstallableHelmChart{}, nil),
 
 					store.AppInstallMockStore.On("SetStatus", mock.MatchedBy(func(status types.Status) bool {
 						return status.State == types.StateRunning
 					})).Return(nil),
 
-					aim.On("Install", mock.Anything, []types.InstallableHelmChart{}, kotsConfigValues).Return(nil),
+					aim.On("Install", mock.Anything, []types.InstallableHelmChart{}, mock.AnythingOfType("*types.RegistrySettings"), mock.AnythingOfType("string")).Return(nil),
 
 					store.AppInstallMockStore.On("SetStatus", mock.MatchedBy(func(status types.Status) bool {
 						return status.State == types.StateSucceeded
@@ -575,23 +559,15 @@ func (s *AppControllerTestSuite) TestInstallApp() {
 				appConfigValues := types.AppConfigValues{
 					"test-key": types.AppConfigValue{Value: "test-value"},
 				}
-				kotsConfigValues := kotsv1beta1.ConfigValues{
-					Spec: kotsv1beta1.ConfigValuesSpec{
-						Values: map[string]kotsv1beta1.ConfigValue{
-							"test-key": {Value: "test-value"},
-						},
-					},
-				}
 				mock.InOrder(
 					acm.On("GetConfigValues").Return(appConfigValues, nil),
-					acm.On("GetKotsadmConfigValues").Return(kotsConfigValues, nil),
 					arm.On("ExtractInstallableHelmCharts", mock.Anything, appConfigValues, mock.AnythingOfType("*v1beta1.ProxySpec"), mock.AnythingOfType("*types.RegistrySettings")).Return([]types.InstallableHelmChart{}, nil),
 
 					store.AppInstallMockStore.On("SetStatus", mock.MatchedBy(func(status types.Status) bool {
 						return status.State == types.StateRunning
 					})).Return(nil),
 
-					aim.On("Install", mock.Anything, []types.InstallableHelmChart{}, kotsConfigValues).Return(errors.New("install error")),
+					aim.On("Install", mock.Anything, []types.InstallableHelmChart{}, mock.AnythingOfType("*types.RegistrySettings"), mock.AnythingOfType("string")).Return(errors.New("install error")),
 
 					store.AppInstallMockStore.On("SetStatus", mock.MatchedBy(func(status types.Status) bool {
 						return status.State == types.StateFailed && strings.Contains(status.Description, "install error")
@@ -620,13 +596,6 @@ func (s *AppControllerTestSuite) TestInstallApp() {
 				appConfigValues := types.AppConfigValues{
 					"test-key": types.AppConfigValue{Value: "test-value"},
 				}
-				kotsConfigValues := kotsv1beta1.ConfigValues{
-					Spec: kotsv1beta1.ConfigValuesSpec{
-						Values: map[string]kotsv1beta1.ConfigValue{
-							"test-key": {Value: "test-value"},
-						},
-					},
-				}
 				mock.InOrder(
 					// Mock GetAppPreflightOutput to return non-strict failures (can be bypassed)
 					apm.On("GetAppPreflightOutput", mock.Anything).Return(&types.PreflightsOutput{
@@ -640,14 +609,13 @@ func (s *AppControllerTestSuite) TestInstallApp() {
 					}, nil),
 
 					acm.On("GetConfigValues").Return(appConfigValues, nil),
-					acm.On("GetKotsadmConfigValues").Return(kotsConfigValues, nil),
 					arm.On("ExtractInstallableHelmCharts", mock.Anything, appConfigValues, mock.AnythingOfType("*v1beta1.ProxySpec"), mock.AnythingOfType("*types.RegistrySettings")).Return([]types.InstallableHelmChart{}, nil),
 
 					store.AppInstallMockStore.On("SetStatus", mock.MatchedBy(func(status types.Status) bool {
 						return status.State == types.StateRunning
 					})).Return(nil),
 
-					aim.On("Install", mock.Anything, []types.InstallableHelmChart{}, kotsConfigValues).Return(nil),
+					aim.On("Install", mock.Anything, []types.InstallableHelmChart{}, mock.AnythingOfType("*types.RegistrySettings"), mock.AnythingOfType("string")).Return(nil),
 
 					store.AppInstallMockStore.On("SetStatus", mock.MatchedBy(func(status types.Status) bool {
 						return status.State == types.StateSucceeded

api/controllers/kubernetes/install/controller.go

@@ -225,6 +225,7 @@ func NewInstallController(opts ...InstallControllerOption) (*InstallController,
 			appcontroller.WithPrivateCACertConfigMapName(""), // Private CA ConfigMap functionality not yet implemented for Kubernetes installations
 			appcontroller.WithHelmClient(controller.hcli),
 			appcontroller.WithKubeClient(controller.kcli),
+			appcontroller.WithMetadataClient(controller.mcli),
 			appcontroller.WithKubernetesEnvSettings(controller.kubernetesEnvSettings),
 			appcontroller.WithPreflightRunner(controller.preflightRunner),
 		)

api/controllers/kubernetes/upgrade/controller.go

@@ -15,6 +15,7 @@ import (
 	"github.com/replicatedhq/embedded-cluster/pkg/release"
 	"github.com/sirupsen/logrus"
 	helmcli "helm.sh/helm/v3/pkg/cli"
+	"k8s.io/client-go/metadata"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
@@ -28,6 +29,7 @@ var _ Controller = (*UpgradeController)(nil)
 type UpgradeController struct {
 	hcli                  helm.Client
 	kcli                  client.Client
+	mcli                  metadata.Interface
 	preflightRunner       preflights.PreflightRunnerInterface
 	kubernetesEnvSettings *helmcli.EnvSettings
 	releaseData           *release.ReleaseData
@@ -61,6 +63,12 @@ func WithKubeClient(kcli client.Client) UpgradeControllerOption {
 	}
 }
 
+func WithMetadataClient(mcli metadata.Interface) UpgradeControllerOption {
+	return func(c *UpgradeController) {
+		c.mcli = mcli
+	}
+}
+
 func WithPreflightRunner(preflightRunner preflights.PreflightRunnerInterface) UpgradeControllerOption {
 	return func(c *UpgradeController) {
 		c.preflightRunner = preflightRunner
@@ -151,6 +159,7 @@ func NewUpgradeController(opts ...UpgradeControllerOption) (*UpgradeController,
 			appcontroller.WithPrivateCACertConfigMapName(""), // Private CA ConfigMap functionality not yet implemented for Kubernetes installations
 			appcontroller.WithHelmClient(controller.hcli),
 			appcontroller.WithKubeClient(controller.kcli),
+			appcontroller.WithMetadataClient(controller.mcli),
 			appcontroller.WithKubernetesEnvSettings(controller.kubernetesEnvSettings),
 			appcontroller.WithPreflightRunner(controller.preflightRunner),
 		)

api/controllers/linux/install/controller.go

@@ -314,6 +314,7 @@ func NewInstallController(opts ...InstallControllerOption) (*InstallController,
 			appcontroller.WithPrivateCACertConfigMapName(adminconsole.PrivateCASConfigMapName), // Linux installations use the ConfigMap
 			appcontroller.WithHelmClient(controller.hcli),
 			appcontroller.WithKubeClient(controller.kcli),
+			appcontroller.WithMetadataClient(controller.mcli),
 			appcontroller.WithKubernetesEnvSettings(controller.rc.GetKubernetesEnvSettings()),
 			appcontroller.WithPreflightRunner(controller.preflightRunner),
 		)

api/controllers/linux/upgrade/controller.go

@@ -321,6 +321,7 @@ func NewUpgradeController(opts ...UpgradeControllerOption) (*UpgradeController,
 			appcontroller.WithPrivateCACertConfigMapName(adminconsole.PrivateCASConfigMapName), // Linux upgrades use the ConfigMap
 			appcontroller.WithHelmClient(controller.hcli),
 			appcontroller.WithKubeClient(controller.kcli),
+			appcontroller.WithMetadataClient(controller.mcli),
 			appcontroller.WithKubernetesEnvSettings(controller.rc.GetKubernetesEnvSettings()),
 			appcontroller.WithPreflightRunner(controller.preflightRunner),
 		)

api/internal/handlers/kubernetes/kubernetes.go

@@ -138,6 +138,7 @@ func New(cfg types.APIConfig, opts ...Option) (*Handler, error) {
 				upgrade.WithConfigValues(h.cfg.ConfigValues),
 				upgrade.WithHelmClient(h.hcli),
 				upgrade.WithKubeClient(h.kcli),
+				upgrade.WithMetadataClient(h.mcli),
 				upgrade.WithPreflightRunner(h.preflightRunner),
 			)
 			if err != nil {

api/internal/handlers/linux/install/handler.go

@@ -494,6 +494,7 @@ func (h *Handler) PostInstallApp(w http.ResponseWriter, r *http.Request) {
 		IgnoreAppPreflights: req.IgnoreAppPreflights,
 		ProxySpec:           h.cfg.RuntimeConfig.ProxySpec(),
 		RegistrySettings:    registrySettings,
+		HostCABundlePath:    h.cfg.RuntimeConfig.HostCABundlePath(),
 	})
 	if err != nil {
 		utils.LogError(r, err, h.logger, "failed to install app")

api/internal/managers/app/install/install.go

@@ -9,17 +9,16 @@ import (
 	"github.com/replicatedhq/embedded-cluster/api/types"
 	"github.com/replicatedhq/embedded-cluster/pkg/helm"
 	"github.com/replicatedhq/embedded-cluster/pkg/runtimeconfig"
-	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 )
 
-// Install installs the app with the provided config values
-func (m *appInstallManager) Install(ctx context.Context, installableCharts []types.InstallableHelmChart, configValues kotsv1beta1.ConfigValues, registrySettings *types.RegistrySettings) error {
-	if err := m.initKubeClient(); err != nil {
-		return fmt.Errorf("init kube client: %w", err)
+// Install installs the app with the provided Helm charts
+func (m *appInstallManager) Install(ctx context.Context, installableCharts []types.InstallableHelmChart, registrySettings *types.RegistrySettings, hostCABundlePath string) error {
+	if err := m.setupClients(); err != nil {
+		return fmt.Errorf("setup clients: %w", err)
 	}
 
 	// Start the namespace reconciler to ensure image pull secrets and other required resources in app namespaces
-	nsReconciler, err := runNamespaceReconciler(ctx, m.kcli, registrySettings, m.logger)
+	nsReconciler, err := runNamespaceReconciler(ctx, m.kcli, m.mcli, registrySettings, hostCABundlePath, m.logger)
 	if err != nil {
 		return fmt.Errorf("start namespace reconciler: %w", err)
 	}