Feat add ingress rules fork (#790)

* feat: add generic function for secret creation * chore: add tests * feat: open 443 port mapping for k3d load balancer * refactor: initial argocd config, split it into local and cloud * 746 spike https local (#773) * calling methods to create certs on local * added mkcert stuffs on config struct * downloading mkcert * added func to install CA and make certs * feat: add generic create certificate function * chore: move secret creation for end of installation * chore: use correct key names for certificate secrets * feat: add download in parallel for local * feat: Add argocd ingress route (#776) - Add argocd ingress route to allow traefik use a different certificate * chore: update argo config yaml * feat: add integration test for TLS on localdev.me * feat: remove port forwards (except atlantis), use ingress * feat: disable port forwards for local destroy * feat: make use of ingress rules instead of port forward for local connect * feat: console link updates * feat: Detokenize ngrok (#784) * temporary PR to enable atlantis port forward until the final solution (#793) * feat: Detokenize ngrok Signed-off-by: João Vanzuita <joao@kubeshop.io> Signed-off-by: Thiago Pagotto <pagottoo@gmail.com> Signed-off-by: Jessica Marinho <jessica@kubeshop.io> Co-authored-by: CristhianF7 <CristhianF7@gmail.com>
konstructio · Nov 30, 2022 · 4f7976e · 4f7976e
1 parent e247b11
commit 4f7976e
Show file tree

Hide file tree

Showing 21 changed files with 646 additions and 328 deletions.
diff --git a/Taskfile.yaml b/Taskfile.yaml
@@ -22,3 +22,6 @@ tasks:
     - go test -v -run TestIsEKSDestroyedIntegration ./internal/aws || echo $?
     - go run . clean --destroy-buckets --destroy-confirm || echo $?
     - aws s3 sync $HOME/kubefirst/logs s3://$CICD_LOGS_BUCKET
+  integration-test-for-tls-localdev:
+    # GOFLAGS="-count=1" disable cache on tests
+    - GOFLAGS="-count=1" go test -v -run TestArgoCertificateIntegration ./internal/ssl
diff --git a/cmd/createGithub.go b/cmd/createGithub.go
@@ -99,13 +99,16 @@ var createGithubCmd = &cobra.Command{
 		progressPrinter.IncrementTracker("step-base", 1)
 
 		gitopsRepo := fmt.Sprintf("git@github.com:%s/gitops.git", viper.GetString("github.owner"))
-		argocd.CreateInitialArgoCDRepository(gitopsRepo)
 
-		// clientset, err := k8s.GetClientSet(globalFlags.DryRun)
-		// if err != nil {
-		// 	log.Printf("Failed to get clientset for k8s : %s", err)
-		// 	return err
-		// }
+		botPrivateKey := viper.GetString("botprivatekey")
+
+		argoCDConfig := argocd.GetArgoCDInitialCloudConfig(gitopsRepo, botPrivateKey)
+
+		err = argocd.CreateInitialArgoCDRepository(config, argoCDConfig)
+		if err != nil {
+			return err
+		}
+
 		err = helm.InstallArgocd(globalFlags.DryRun)
 		if err != nil {
 			log.Println("Error installing argocd")

diff --git a/cmd/destroyLocalGithub.go b/cmd/destroyLocalGithub.go
@@ -30,7 +30,6 @@ var destroyLocalGithubCmd = &cobra.Command{
 	Short: "A brief description of your command",
 	Long:  `TDB`,
 	RunE: func(cmd *cobra.Command, args []string) error {
-		fmt.Println("destroy-local-github called")
 		config := configs.ReadConfig()
 
 		destroyFlags, err := flagset.ProcessDestroyFlags(cmd)
@@ -81,7 +80,6 @@ var destroyLocalGithubCmd = &cobra.Command{
 			log.Println("\nKUBEFIRST_GITHUB_AUTH_TOKEN set via OAuth")
 		}
 
-		// todo: temporary code
 		err = pkg.UpdateTerraformS3BackendForLocalhostAddress()
 		if err != nil {
 			return err
@@ -92,33 +90,9 @@ var destroyLocalGithubCmd = &cobra.Command{
 		//* step 1.1 - open port-forward to state store and vault
 		// todo --skip-git-terraform
 
-		// Vault port-forward
-		vaultStopChannel := make(chan struct{}, 1)
-		defer func() {
-			close(vaultStopChannel)
-		}()
-		k8s.OpenPortForwardPodWrapper(
-			pkg.VaultPodName,
-			pkg.VaultNamespace,
-			pkg.VaultPodPort,
-			pkg.VaultPodLocalPort,
-			vaultStopChannel,
-		)
-
 		k8s.LoopUntilPodIsReady(globalFlags.DryRun)
 
-		minioStopChannel := make(chan struct{}, 1)
-		defer func() {
-			close(minioStopChannel)
-		}()
-		k8s.OpenPortForwardPodWrapper(
-			pkg.MinioPodName,
-			pkg.MinioNamespace,
-			pkg.MinioPodPort,
-			pkg.MinioPodLocalPort,
-			minioStopChannel,
-		)
-
+		// todo: remove it
 		time.Sleep(20 * time.Second)
 
 		//* step 1.3 - terraform destroy github

diff --git a/cmd/local/connect.go b/cmd/local/connect.go
@@ -2,14 +2,9 @@ package local
 
 import (
 	"fmt"
-	"github.com/kubefirst/kubefirst/internal/k8s"
 	"github.com/kubefirst/kubefirst/internal/reports"
 	"github.com/spf13/cobra"
 	"log"
-	"os"
-	"os/signal"
-	"sync"
-	"syscall"
 )
 
 func NewCommandConnect() *cobra.Command {
@@ -27,69 +22,11 @@ func NewCommandConnect() *cobra.Command {
 func runConnect(cmd *cobra.Command, args []string) error {
 	log.Println("opening Port Forward for console...")
 
-	// every port forward has its own closing control. when a channel is closed, the port forward is close.
-	vaultStopChannel := make(chan struct{}, 1)
-	argoStopChannel := make(chan struct{}, 1)
-	argoCDStopChannel := make(chan struct{}, 1)
-	chartmuseumStopChannel := make(chan struct{}, 1)
-	minioStopChannel := make(chan struct{}, 1)
-	minioConsoleStopChannel := make(chan struct{}, 1)
-	kubefirstConsoleStopChannel := make(chan struct{}, 1)
-	AtlantisStopChannel := make(chan struct{}, 1)
-	MetaphorFrontendDevelopmentStopChannel := make(chan struct{}, 1)
-	MetaphorGoDevelopmentStopChannel := make(chan struct{}, 1)
-	MetaphorDevelopmentStopChannel := make(chan struct{}, 1)
-
-	// guarantee it will close the port forwards even on a process kill
-	defer func() {
-		close(vaultStopChannel)
-		close(argoStopChannel)
-		close(argoCDStopChannel)
-		close(chartmuseumStopChannel)
-		close(minioStopChannel)
-		close(minioConsoleStopChannel)
-		close(kubefirstConsoleStopChannel)
-		close(AtlantisStopChannel)
-		close(MetaphorFrontendDevelopmentStopChannel)
-		close(MetaphorGoDevelopmentStopChannel)
-		close(MetaphorDevelopmentStopChannel)
-		log.Println("leaving port-forward command, port forwards are now closed")
-	}()
-
-	err := k8s.OpenPortForwardForLocal(
-		vaultStopChannel,
-		argoStopChannel,
-		argoCDStopChannel,
-		chartmuseumStopChannel,
-		minioStopChannel,
-		minioConsoleStopChannel,
-		kubefirstConsoleStopChannel,
-		AtlantisStopChannel,
-		MetaphorFrontendDevelopmentStopChannel,
-		MetaphorGoDevelopmentStopChannel,
-		MetaphorDevelopmentStopChannel,
-	)
-	if err != nil {
-		return err
-	}
-
 	// style UI with local URLs
 	fmt.Println(reports.StyleMessage(reports.LocalConnectSummary()))
 
 	log.Println("Kubefirst port forward done")
 	log.Println("hanging port forwards until ctrl+c is called")
 
-	// managing termination signal from the terminal
-	sigs := make(chan os.Signal, 1)
-	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
-	var wg sync.WaitGroup
-	wg.Add(1)
-	go func() {
-		<-sigs
-		wg.Done()
-	}()
-
-	wg.Wait()
-
 	return nil
 }
diff --git a/cmd/local/local.go b/cmd/local/local.go
@@ -1,7 +1,6 @@
 package local
 
 import (
-	"context"
 	"fmt"
 	"log"
 	"sync"
@@ -19,6 +18,7 @@ import (
 	"github.com/kubefirst/kubefirst/internal/k8s"
 	"github.com/kubefirst/kubefirst/internal/metaphor"
 	"github.com/kubefirst/kubefirst/internal/progressPrinter"
+	"github.com/kubefirst/kubefirst/internal/ssl"
 	"github.com/kubefirst/kubefirst/internal/terraform"
 	"github.com/kubefirst/kubefirst/internal/vault"
 	"github.com/kubefirst/kubefirst/pkg"
@@ -57,7 +57,11 @@ func NewCommand() *cobra.Command {
 	// todo: get it from GH token , use it for console
 	localCmd.Flags().StringVar(&adminEmail, "admin-email", "", "the email address for the administrator as well as for lets-encrypt certificate emails")
 	localCmd.Flags().StringVar(&metaphorBranch, "metaphor-branch", "main", "metaphor application branch")
-	localCmd.Flags().StringVar(&gitOpsBranch, "gitops-branch", "main", "version/branch used on git clone")
+	// todo: UPDATE IT BEFORE MERGING
+	// todo: UPDATE IT BEFORE MERGING
+	// todo: UPDATE IT BEFORE MERGING
+	// todo: UPDATE IT BEFORE MERGING
+	localCmd.Flags().StringVar(&gitOpsBranch, "gitops-branch", "add-ingress-localhost", "version/branch used on git clone")
 	localCmd.Flags().StringVar(&gitOpsRepo, "gitops-repo", "gitops", "")
 	localCmd.Flags().StringVar(&templateTag, "template-tag", "",
 		"when running a built version, and ldflag is set for the Kubefirst version, it will use this tag value to clone the templates (gitops and metaphor's)",
@@ -94,8 +98,7 @@ func runLocal(cmd *cobra.Command, args []string) error {
 
 	// todo need to add go channel to control when ngrok should close
 	// and use context to handle closing the open goroutine/connection
-	go pkg.RunNgrok(context.TODO(), pkg.LocalAtlantisURL)
-	time.Sleep(5 * time.Second)
+	//go pkg.RunNgrok(context.TODO(), pkg.LocalAtlantisURL)
 
 	if !viper.GetBool("kubefirst.done") {
 		if viper.GetString("gitprovider") == "github" {
@@ -155,6 +158,19 @@ func runLocal(cmd *cobra.Command, args []string) error {
 	progressPrinter.IncrementTracker("step-base", 1)
 	progressPrinter.IncrementTracker("step-github", 1)
 
+	//
+	// create local certs using MkCert tool
+	//
+	log.Println("installing CA from MkCert")
+	ssl.InstallCALocal(config)
+	log.Println("installing CA from MkCert done")
+
+	log.Println("creating local certificates")
+	if err := ssl.CreateCertificatesForLocalWrapper(config); err != nil {
+		log.Println(err)
+	}
+	log.Println("creating local certificates done")
+
 	// add secrets to cluster
 	// todo there is a secret condition in AddK3DSecrets to this not checked
 	executionControl = viper.GetBool("kubernetes.vault.secret.created")
@@ -172,9 +188,15 @@ func runLocal(cmd *cobra.Command, args []string) error {
 	executionControl = viper.GetBool("argocd.initial-repository.created")
 	if !executionControl {
 		pkg.InformUser("create initial argocd repository", silentMode)
-		//Enterprise users need to be able to set the hostname for git.
-		gitopsRepo := fmt.Sprintf("git@%s:%s/gitops.git", viper.GetString("github.host"), viper.GetString("github.owner"))
-		err := argocd.CreateInitialArgoCDRepository(gitopsRepo)
+		// Enterprise users need to be able to set the hostname for git.
+		gitOpsRepo := fmt.Sprintf("git@%s:%s/gitops.git", viper.GetString("github.host"), viper.GetString("github.owner"))
+
+		argoCDConfig := argocd.GetArgoCDInitialLocalConfig(
+			gitOpsRepo,
+			viper.GetString("botprivatekey"),
+		)
+
+		err := argocd.CreateInitialArgoCDRepository(config, argoCDConfig)
 		if err != nil {
 			log.Println("Error CreateInitialArgoCDRepository")
 			return err
@@ -215,20 +237,6 @@ func runLocal(cmd *cobra.Command, args []string) error {
 		log.Println("already waited for argocd to be ready")
 	}
 
-	// ArgoCD port-forward
-	argoCDStopChannel := make(chan struct{}, 1)
-	defer func() {
-		close(argoCDStopChannel)
-	}()
-	k8s.OpenPortForwardPodWrapper(
-		pkg.ArgoCDPodName,
-		pkg.ArgoCDNamespace,
-		pkg.ArgoCDPodPort,
-		pkg.ArgoCDPodLocalPort,
-		argoCDStopChannel,
-	)
-	pkg.InformUser(fmt.Sprintf("port-forward to argocd is available at %s", viper.GetString("argocd.local.service")), silentMode)
-
 	// argocd pods are ready, get and set credentials
 	executionControl = viper.GetBool("argocd.credentials.set")
 	if !executionControl {
@@ -264,36 +272,8 @@ func runLocal(cmd *cobra.Command, args []string) error {
 		vault.WaitVaultToBeRunning(dryRun)
 	}
 
-	// Vault port-forward
-	vaultStopChannel := make(chan struct{}, 1)
-	defer func() {
-		close(vaultStopChannel)
-	}()
-	k8s.OpenPortForwardPodWrapper(
-		pkg.VaultPodName,
-		pkg.VaultNamespace,
-		pkg.VaultPodPort,
-		pkg.VaultPodLocalPort,
-		vaultStopChannel,
-	)
-
 	k8s.LoopUntilPodIsReady(dryRun)
 
-	minioStopChannel := make(chan struct{}, 1)
-	defer func() {
-		close(minioStopChannel)
-	}()
-	k8s.OpenPortForwardPodWrapper(
-		pkg.MinioPodName,
-		pkg.MinioNamespace,
-		pkg.MinioPodPort,
-		pkg.MinioPodLocalPort,
-		minioStopChannel,
-	)
-
-	// todo: can I remove it?
-	time.Sleep(20 * time.Second)
-
 	// configure vault with terraform
 	executionControl = viper.GetBool("terraform.vault.apply.complete")
 	if !executionControl {
@@ -348,20 +328,8 @@ func runLocal(cmd *cobra.Command, args []string) error {
 	progressPrinter.IncrementTracker("step-apps", 1)
 
 	if !viper.GetBool("chartmuseum.host.resolved") {
-		// Chartmuseum port-forward
-		chartmuseumStopChannel := make(chan struct{}, 1)
-		defer func() {
-			close(chartmuseumStopChannel)
-		}()
-		k8s.OpenPortForwardPodWrapper(
-			pkg.ChartmuseumPodName,
-			pkg.ChartmuseumNamespace,
-			pkg.ChartmuseumPodPort,
-			pkg.ChartmuseumPodLocalPort,
-			chartmuseumStopChannel,
-		)
 
-		pkg.AwaitHostNTimes("http://localhost:8181/health", 5, 5)
+		pkg.AwaitHostNTimes(pkg.ChartmuseumLocalURL+"/health", 5, 5)
 		viper.Set("chartmuseum.host.resolved", true)
 		viper.WriteConfig()
 	} else {
@@ -403,6 +371,7 @@ func runLocal(cmd *cobra.Command, args []string) error {
 
 	// create a PR, atlantis will identify it's a Terraform change/file update and trigger atlantis plan
 	// it's a goroutine since it can run in background
+	k8s.OpenAtlantisPortForward()
 	var wg sync.WaitGroup
 	wg.Add(1)
 	go func() {