fixup! wip: generate CoreDNS Helm chart

pin image

internal/constellation/helm/charts/coredns/templates/deployment.yaml

@@ -37,7 +37,7 @@ spec:
       - args:
         - -conf
         - /etc/coredns/Corefile
-        image: registry.k8s.io/coredns/coredns:v1.11.1
+        image: registry.k8s.io/coredns/coredns:v1.11.1@sha256:1eeb4c7316bacb1d4c8ead65571cd92dd21e27359f0d4917f1a5822a73b75db1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 5

internal/constellation/helm/corednsgen/main.go

@@ -1,13 +1,21 @@
 package main
 
 import (
+	"context"
 	"flag"
+	"fmt"
 	"log"
 	"os"
 	"path/filepath"
+	"strings"
 
+	"github.com/edgelesssys/constellation/v2/internal/versions"
+	"github.com/regclient/regclient"
+	"github.com/regclient/regclient/types/ref"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	"k8s.io/kubernetes/cmd/kubeadm/app/images"
 	kubedns "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns"
 	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
 	"sigs.k8s.io/yaml"
@@ -20,13 +28,14 @@ const (
 	valuesYAML = "clusterIP: 10.96.0.10\ndnsDomain: cluster.local\n"
 )
 
+var image string
+
 func main() {
 	if err := os.RemoveAll(relativePath()); err != nil {
 		log.Fatalf("Could not remove chart dir: %v", err)
 	}
-	if err := os.MkdirAll(relativePath("templates"), 0o755); err != nil {
-		log.Fatalf("Could not create chart dir: %v", err)
-	}
+
+	image = pinnedImage()
 
 	writeFile([]byte(chartYAML), "Chart.yaml")
 	writeFile([]byte(valuesYAML), "values.yaml")
@@ -40,19 +49,6 @@ func main() {
 	writeFile(patchedDeployment(), "templates", "deployment.yaml")
 }
 
-/*
-   - effect: NoSchedule
-     key: node-role.kubernetes.io/control-plane
-   - effect: NoSchedule
-     key: node.cloudprovider.kubernetes.io/uninitialized
-     value: "true"
-   - effect: NoExecute
-     key: node.kubernetes.io/unreachable
-     operator: Exists
-     tolerationSeconds: 10
-
-*/
-
 func patchedDeployment() []byte {
 	var d appsv1.Deployment
 	if err := yaml.Unmarshal(parseTemplate(kubedns.CoreDNSDeployment), &d); err != nil {
@@ -61,6 +57,7 @@ func patchedDeployment() []byte {
 
 	tolerations := []corev1.Toleration{
 		{Key: "node-role.kubernetes.io/control-plane", Effect: corev1.TaintEffectNoSchedule},
+		// TODO(burgerdev): test whether we need the tolerations below.
 		{Key: "node.cloudprovider.kubernetes.io/uninitialized", Value: "true", Effect: corev1.TaintEffectNoSchedule},
 		{Key: "node.kubernetes.io/unreachable", Operator: corev1.TolerationOpExists, Effect: corev1.TaintEffectNoExecute, TolerationSeconds: toPtr(int64(10))},
 		{Key: "node.kubernetes.io/not-ready", Effect: corev1.TaintEffectNoSchedule},
@@ -73,6 +70,26 @@ func patchedDeployment() []byte {
 	return out
 }
 
+func pinnedImage() string {
+	cfg := &kubeadm.ClusterConfiguration{
+		KubernetesVersion: string(versions.Default),
+		ImageRepository:   "registry.k8s.io",
+	}
+	img := images.GetDNSImage(cfg)
+	regRep, tag, _ := strings.Cut(img, ":") // TODO(burgerdev): use my code from k8s?
+	reg, rep, _ := strings.Cut(regRep, "/")
+	ref := ref.Ref{Scheme: "reg", Registry: reg, Repository: rep, Tag: tag}
+	log.Printf("Getting hash for image %#v", ref)
+
+	rc := regclient.New()
+	m, err := rc.ManifestGet(context.Background(), ref)
+	if err != nil {
+		log.Fatalf("Could not obtain image manifest: %v", err)
+	}
+
+	return fmt.Sprintf("%s/%s:%s@%s", ref.Registry, ref.Repository, ref.Tag, m.GetDescriptor().Digest.String())
+}
+
 func relativePath(elems ...string) string {
 	return filepath.Join(append([]string{*chartDir, "coredns"}, elems...)...)
 }
@@ -96,7 +113,7 @@ func parseTemplate(tmpl string) []byte {
 		DeploymentName:       "coredns",
 		DNSDomain:            `{{ .Values.dnsDomain }}`,
 		DNSIP:                `"{{ .Values.clusterIP }}"`,
-		Image:                "registry.k8s.io/coredns/coredns:v1.11.1", // images.GetDNSImage(cfg),
+		Image:                image,
 		ControlPlaneTaintKey: "node-role.kubernetes.io/control-plane",
 		Replicas:             toPtr(int32(2)),
 	}