feat(azure): create azure cluster

konstructio · Sep 25, 2024 · eebef6c · eebef6c
1 parent d56df95
commit eebef6c
Show file tree

Hide file tree

Showing 24 changed files with 677 additions and 14 deletions.
diff --git a/extensions/azure/env.go b/extensions/azure/env.go
@@ -0,0 +1,104 @@
+package azure
+
+import (
+	"fmt"
+	"log"
+	"strconv"
+	"strings"
+
+	"github.com/konstructio/kubefirst-api/internal/vault"
+	"github.com/konstructio/kubefirst-api/pkg/k8s"
+	"github.com/konstructio/kubefirst-api/pkg/providerConfigs"
+	pkgtypes "github.com/konstructio/kubefirst-api/pkg/types"
+	"k8s.io/client-go/kubernetes"
+)
+
+func readVaultTokenFromSecret(clientset *kubernetes.Clientset) string {
+	existingKubernetesSecret, err := k8s.ReadSecretV2(clientset, vault.VaultNamespace, vault.VaultSecretName)
+	if err != nil || existingKubernetesSecret == nil {
+		log.Printf("Error reading existing Secret data: %s", err)
+		return ""
+	}
+
+	return existingKubernetesSecret["root-token"]
+}
+
+func GetAzureTerraformEnvs(envs map[string]string, cl *pkgtypes.Cluster) map[string]string {
+	envs["ARM_CLIENT_ID"] = cl.AzureAuth.ClientID
+	envs["ARM_CLIENT_SECRET"] = cl.AzureAuth.ClientSecret
+	envs["ARM_TENANT_ID"] = cl.AzureAuth.TenantID
+	envs["ARM_SUBSCRIPTION_ID"] = cl.AzureAuth.SubscriptionID
+
+	return envs
+}
+
+func GetGithubTerraformEnvs(envs map[string]string, cl *pkgtypes.Cluster) map[string]string {
+	envs["GITHUB_TOKEN"] = cl.GitAuth.Token
+	envs["GITHUB_OWNER"] = cl.GitAuth.Owner
+	envs["TF_VAR_atlantis_repo_webhook_secret"] = cl.AtlantisWebhookSecret
+	envs["TF_VAR_kbot_ssh_public_key"] = cl.GitAuth.PublicKey
+	envs["ARM_CLIENT_ID"] = cl.AzureAuth.ClientID
+	envs["ARM_CLIENT_SECRET"] = cl.AzureAuth.ClientSecret
+	envs["ARM_TENANT_ID"] = cl.AzureAuth.TenantID
+	envs["ARM_SUBSCRIPTION_ID"] = cl.AzureAuth.SubscriptionID
+
+	return envs
+}
+
+func GetGitlabTerraformEnvs(envs map[string]string, gid int, cl *pkgtypes.Cluster) map[string]string {
+	envs["GITLAB_TOKEN"] = cl.GitAuth.Token
+	envs["GITLAB_OWNER"] = cl.GitAuth.Owner
+	envs["TF_VAR_atlantis_repo_webhook_secret"] = cl.AtlantisWebhookSecret
+	envs["TF_VAR_atlantis_repo_webhook_url"] = cl.AtlantisWebhookURL
+	envs["TF_VAR_kbot_ssh_public_key"] = cl.GitAuth.PublicKey
+	envs["ARM_CLIENT_ID"] = cl.AzureAuth.ClientID
+	envs["ARM_CLIENT_SECRET"] = cl.AzureAuth.ClientSecret
+	envs["ARM_TENANT_ID"] = cl.AzureAuth.TenantID
+	envs["ARM_SUBSCRIPTION_ID"] = cl.AzureAuth.SubscriptionID
+	envs["TF_VAR_owner_group_id"] = strconv.Itoa(gid)
+	envs["TF_VAR_gitlab_owner"] = cl.GitAuth.Owner
+
+	return envs
+}
+
+func GetUsersTerraformEnvs(clientset *kubernetes.Clientset, cl *pkgtypes.Cluster, envs map[string]string) map[string]string {
+	envs["VAULT_TOKEN"] = readVaultTokenFromSecret(clientset)
+	envs["VAULT_ADDR"] = providerConfigs.VaultPortForwardURL
+	envs[fmt.Sprintf("%s_TOKEN", strings.ToUpper(cl.GitProvider))] = cl.GitAuth.Token
+	envs[fmt.Sprintf("%s_OWNER", strings.ToUpper(cl.GitProvider))] = cl.GitAuth.Owner
+	envs["ARM_CLIENT_ID"] = cl.AzureAuth.ClientID
+	envs["ARM_CLIENT_SECRET"] = cl.AzureAuth.ClientSecret
+	envs["ARM_TENANT_ID"] = cl.AzureAuth.TenantID
+	envs["ARM_SUBSCRIPTION_ID"] = cl.AzureAuth.SubscriptionID
+
+	return envs
+}
+
+func GetVaultTerraformEnvs(clientset *kubernetes.Clientset, cl *pkgtypes.Cluster, envs map[string]string) map[string]string {
+	envs[fmt.Sprintf("%s_TOKEN", strings.ToUpper(cl.GitProvider))] = cl.GitAuth.Token
+	envs[fmt.Sprintf("%s_OWNER", strings.ToUpper(cl.GitProvider))] = cl.GitAuth.Owner
+	envs["TF_VAR_email_address"] = cl.AlertsEmail
+	envs["TF_VAR_vault_addr"] = providerConfigs.VaultPortForwardURL
+	envs["TF_VAR_vault_token"] = readVaultTokenFromSecret(clientset)
+	envs[fmt.Sprintf("TF_VAR_%s_token", cl.GitProvider)] = cl.GitAuth.Token
+	envs["VAULT_ADDR"] = providerConfigs.VaultPortForwardURL
+	envs["VAULT_TOKEN"] = readVaultTokenFromSecret(clientset)
+	envs["TF_VAR_civo_token"] = cl.CivoAuth.Token
+	envs["TF_VAR_atlantis_repo_webhook_secret"] = cl.AtlantisWebhookSecret
+	envs["TF_VAR_atlantis_repo_webhook_url"] = cl.AtlantisWebhookURL
+	envs["TF_VAR_kbot_ssh_private_key"] = cl.GitAuth.PrivateKey
+	envs["TF_VAR_kbot_ssh_public_key"] = cl.GitAuth.PublicKey
+	envs["TF_VAR_cloudflare_origin_ca_api_key"] = cl.CloudflareAuth.OriginCaIssuerKey
+	envs["TF_VAR_cloudflare_api_key"] = cl.CloudflareAuth.APIToken
+	envs["ARM_CLIENT_ID"] = cl.AzureAuth.ClientID
+	envs["ARM_CLIENT_SECRET"] = cl.AzureAuth.ClientSecret
+	envs["ARM_TENANT_ID"] = cl.AzureAuth.TenantID
+	envs["ARM_SUBSCRIPTION_ID"] = cl.AzureAuth.SubscriptionID
+
+	switch cl.GitProvider {
+	case "gitlab":
+		envs["TF_VAR_owner_group_id"] = fmt.Sprint(cl.GitlabOwnerGroupID)
+	}
+
+	return envs
+}
diff --git a/extensions/azure/secrets.go b/extensions/azure/secrets.go
@@ -0,0 +1,37 @@
+package azure
+
+import (
+	"fmt"
+
+	providerConfig "github.com/konstructio/kubefirst-api/pkg/providerConfigs"
+	pkgtypes "github.com/konstructio/kubefirst-api/pkg/types"
+	"github.com/rs/zerolog/log"
+	"k8s.io/client-go/kubernetes"
+)
+
+func BootstrapAzureMgmtCluster(clientset kubernetes.Interface, cl *pkgtypes.Cluster, destinationGitopsRepoURL string) error {
+	opts := providerConfig.BootstrapOptions{
+		GitUser:                  cl.GitAuth.User,
+		DestinationGitopsRepoURL: destinationGitopsRepoURL,
+		GitProtocol:              cl.GitProtocol,
+		CloudflareAPIToken:       cl.CloudflareAuth.APIToken,
+		CloudAuth:                cl.CivoAuth.Token,
+		DNSProvider:              cl.DNSProvider,
+		CloudProvider:            cl.CloudProvider,
+		HTTPSPassword:            cl.GitAuth.Token,
+		SSHToken:                 cl.GitAuth.PrivateKey,
+	}
+
+	if err := providerConfig.BootstrapMgmtCluster(clientset, opts); err != nil {
+		log.Error().Msgf("unable to bootstrap management cluster: %s", err)
+		return fmt.Errorf("unable to bootstrap management cluster: %w", err)
+	}
+
+	// Create secrets
+	if err := providerConfig.BootstrapSecrets(clientset, cl); err != nil {
+		log.Error().Msgf("unable to bootstrap secrets: %s", err)
+		return fmt.Errorf("unable to bootstrap secrets: %w", err)
+	}
+
+	return nil
+}
diff --git a/go.mod b/go.mod
@@ -7,6 +7,12 @@ require (
 	cloud.google.com/go/container v1.24.0
 	cloud.google.com/go/secretmanager v1.10.0
 	cloud.google.com/go/storage v1.29.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0
+	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.1
 	github.com/argoproj/argo-cd/v2 v2.6.7
 	github.com/argoproj/gitops-engine v0.7.3
 	github.com/atotto/clipboard v0.1.4
@@ -44,7 +50,7 @@ require (
 	github.com/thanhpk/randstr v1.0.6
 	go.mongodb.org/mongo-driver v1.10.3
 	golang.org/x/oauth2 v0.8.0
-	golang.org/x/text v0.14.0
+	golang.org/x/text v0.16.0
 	google.golang.org/api v0.126.0
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.27.1
@@ -55,13 +61,18 @@ require (
 
 require (
 	dario.cat/mergo v1.0.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/go-resty/resty/v2 v2.11.0 // indirect
 	github.com/go-test/deep v1.0.4 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/hashicorp/go-hclog v1.3.0 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gotest.tools/v3 v3.4.0 // indirect
 )
@@ -158,7 +169,7 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.4 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
@@ -246,15 +257,15 @@ require (
 	github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	golang.org/x/crypto v0.21.0
+	golang.org/x/crypto v0.25.0
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
-	golang.org/x/mod v0.13.0
-	golang.org/x/net v0.22.0 // indirect
-	golang.org/x/sync v0.4.0
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0
+	golang.org/x/mod v0.17.0
+	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/sync v0.7.0
+	golang.org/x/sys v0.22.0 // indirect
+	golang.org/x/term v0.22.0
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.14.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect