From 4edd3c2d86b299208c3c03996615b0bceac65f85 Mon Sep 17 00:00:00 2001 From: johndietz Date: Fri, 15 Jul 2022 17:26:51 -0400 Subject: [PATCH 01/20] fixes for vault unseal --- cmd/createUtils.go | 8 +++++--- internal/vault/vault.go | 33 +++++++-------------------------- 2 files changed, 12 insertions(+), 29 deletions(-) diff --git a/cmd/createUtils.go b/cmd/createUtils.go index 496860876..e132d6fb2 100644 --- a/cmd/createUtils.go +++ b/cmd/createUtils.go @@ -161,12 +161,14 @@ func loopUntilPodIsReady() { log.Printf("vault is availbale but the body is not what is expected %s", err) continue } - isInitialized := responseJson["initialized"] - if !isInitialized.(bool) { + + _, ok := responseJson["initialized"] + if ok { log.Printf("vault is initialized and is in the expected state") - break + return } } + log.Panic("vault was never initialized") } type VaultInitResponse struct { diff --git a/internal/vault/vault.go b/internal/vault/vault.go index b96345fe8..8cdd677b6 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -5,20 +5,18 @@ import ( "context" "encoding/json" "fmt" + "log" + "os" + "os/exec" + "syscall" + vault "github.com/hashicorp/vault/api" "github.com/kubefirst/kubefirst/configs" - "github.com/kubefirst/kubefirst/internal/k8s" "github.com/kubefirst/kubefirst/pkg" "github.com/spf13/viper" gitlab "github.com/xanzy/go-gitlab" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes" coreV1Types "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/client-go/tools/clientcmd" - "log" - "os" - "os/exec" - "syscall" ) // GetVaultRootToken get `vault-unseal-keys` token on Vault. 
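Review bot: The new `_, ok := responseJson["initialized"]` in `loopUntilPodIsReady` tests only that the key exists, so a body reporting `"initialized": false` also logs "vault is initialized" and returns; if this is Vault's `/sys/health` or `/sys/init` response the key is present on every reply, so the loop would stop on the first parseable body regardless of state. Check the value instead while keeping the assertion guarded: `if initialized, ok := responseJson["initialized"].(bool); ok && initialized { log.Printf("vault is initialized and is in the expected state"); return }`. The removed lines had the opposite problem (an unguarded `.(bool)` that would panic on a non-bool), so neither side ever compared against `true`. The loop header and the retry sleep are outside the hunk.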
@@ -61,29 +59,12 @@ func ConfigureVault(dryRun bool) { // ``` // ... obviously keep the sensitive values bound to vars - k8sClient, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) - if err != nil { - log.Panicf("error: getting k8sClient %s", err) - } - clientset, err := kubernetes.NewForConfig(k8sClient) - if err != nil { - log.Panicf("error: getting k8sClient &s", err) - } - - k8s.VaultSecretClient = clientset.CoreV1().Secrets("vault") - vaultToken, err := GetVaultRootToken(k8s.VaultSecretClient) - if err != nil { - log.Panicf("unable to get vault root token, error: %s", err) - } - - viper.Set("vault.token", vaultToken) - viper.WriteConfig() - + vaultToken := viper.GetString("vault.token") var kPortForwardOutb, kPortForwardErrb bytes.Buffer kPortForward := exec.Command(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "vault", "port-forward", "svc/vault", "8200:8200") kPortForward.Stdout = &kPortForwardOutb kPortForward.Stderr = &kPortForwardErrb - err = kPortForward.Start() + err := kPortForward.Start() defer kPortForward.Process.Signal(syscall.SIGTERM) if err != nil { log.Println("Commad Execution STDOUT: %s", kPortForwardOutb.String()) From c51c2011f46d74735840a0c6c89ebc2dfd97dfbe Mon Sep 17 00:00:00 2001 From: johndietz Date: Fri, 15 Jul 2022 18:52:03 -0400 Subject: [PATCH 02/20] not my favorite commit --- cmd/create.go | 40 ++++++++++++++++++++++++++------------- internal/gitlab/gitlab.go | 8 +++++++- 2 files changed, 34 insertions(+), 14 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index d923ad563..f2ed49321 100644 --- a/cmd/create.go +++ b/cmd/create.go 
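Review bot: `vaultToken := viper.GetString("vault.token")` replaces the removed secret lookup but never checks that the key was populated, so if the step that now writes `vault.token` did not run, or an older config file lacks it, ConfigureVault proceeds with an empty root token and fails later with a much less obvious permission error; add `if vaultToken == "" { log.Panic("vault.token is not set; the unseal step must run before ConfigureVault") }` directly after the read. On the same new side, `defer kPortForward.Process.Signal(syscall.SIGTERM)` is registered before `err` from `Start()` is checked, and `Process` is nil when Start fails, so the deferred call panics on the way out of the error path — move the defer below the `if err != nil` block. Note also that the root token now lives only in the kubefirst config file written by viper, so that file's permissions are what protect it; that is not visible here and worth confirming. ConfigureVault continues outside the hunk.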
@@ -13,7 +13,6 @@ import ( "github.com/kubefirst/kubefirst/internal/gitlab" "github.com/kubefirst/kubefirst/internal/helm" "github.com/kubefirst/kubefirst/internal/progressPrinter" - "github.com/kubefirst/kubefirst/internal/reports" "github.com/kubefirst/kubefirst/internal/softserve" "github.com/kubefirst/kubefirst/internal/terraform" "github.com/kubefirst/kubefirst/internal/vault" @@ -21,6 +20,11 @@ import ( "github.com/spf13/viper" ) +const trackerStage20 = "0 - Apply Base" +const trackerStage21 = "1 - Temporary SCM Install" +const trackerStage22 = "2 - Argo/Final SCM Install" +const trackerStage23 = "3 - Final Setup" + // createCmd represents the create command var createCmd = &cobra.Command{ Use: "create", @@ -49,11 +53,7 @@ to quickly create a Cobra application.`, log.Panic(err) } - // todo: - // isolate commands, in case we want to run some validations on the create, it would be a good idea to call the - // functions that does the validations infoCmd.Run(cmd, args) - progressPrinter.IncrementTracker("step-0", 1) progressPrinter.AddTracker("step-softserve", "Prepare Temporary Repo ", 4) @@ -208,13 +208,15 @@ to quickly create a Cobra application.`, progressPrinter.AddTracker("step-vault", "Configure Vault", 4) informUser("waiting for vault unseal") + /** - informUser("Vault initialized") + */ + waitVaultToBeRunning(dryRun) + informUser("Vault running") progressPrinter.IncrementTracker("step-vault", 1) - // todo need to make sure this is not needed - // waitForVaultUnseal(dryRun, config) - // informUser("Vault unseal") + waitForVaultUnseal(dryRun, config) + informUser("Vault unseal") progressPrinter.IncrementTracker("step-vault", 1) log.Println("configuring vault") 
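Review bot: The `/**` and `*/` lines added around the removed `informUser("Vault initialized")` leave an empty block comment in the middle of the vault step sequence, which reads as an accidental leftover; drop both lines. The re-enabled `waitForVaultUnseal(dryRun, config)` now appears to be what must populate `vault.token` before `ConfigureVault` reads it (per patch 01 on this page), but the hunk does not show where that key is written, so a one-line comment here such as `// waitForVaultUnseal stores the root token in vault.token for ConfigureVault` would make the ordering dependency explicit once confirmed. The Run closure starts and ends outside the hunk.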
@@ -226,7 +228,9 @@ to quickly create a Cobra application.`, createVaultConfiguredSecret(dryRun, config) informUser("Vault secret created") progressPrinter.IncrementTracker("step-vault", 1) + } + if !viper.GetBool("gitlab.oidc-created") { progressPrinter.AddTracker("step-post-gitlab", "Finalize Gitlab updates", 5) vault.AddGitlabOidcApplications(dryRun) informUser("Added Gitlab OIDC") @@ -238,24 +242,34 @@ to quickly create a Cobra application.`, informUser("Pushing gitops repo to origin gitlab") // refactor: sounds like a new functions, should PushGitOpsToGitLab be renamed/update signature? - + viper.Set("gitlab.oidc-created", true) + viper.WriteConfig() + } + if !viper.GetBool("gitlab.gitops-pushed") { gitlab.PushGitRepo(dryRun, config, "gitlab", "gitops") // todo: need to handle if this was already pushed, errors on failure) progressPrinter.IncrementTracker("step-post-gitlab", 1) // todo: keep one of the two git push functions, they're similar, but not exactly the same //gitlab.PushGitOpsToGitLab(dryRun) - + viper.Set("gitlab.gitops-pushed", true) + viper.WriteConfig() + } + if !viper.GetBool("gitlab.metaphor-pushed") { informUser("Pushing metaphor repo to origin gitlab") gitlab.PushGitRepo(dryRun, config, "gitlab", "metaphor") progressPrinter.IncrementTracker("step-post-gitlab", 1) // todo: keep one of the two git push functions, they're similar, but not exactly the same //gitlab.PushGitOpsToGitLab(dryRun) - + viper.Set("gitlab.metaphor-pushed", true) + viper.WriteConfig() + } + if !viper.GetBool("gitlab.registered") { informUser("Changing registry to Gitlab") gitlab.ChangeRegistryToGitLab(dryRun) progressPrinter.IncrementTracker("step-post-gitlab", 1) - // todo triage / force apply the contents adjusting // todo kind: Application .repoURL: + viper.Set("gitlab.registered", true) + viper.WriteConfig() } } sendCompleteInstallTelemetry(dryRun) diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index 265d32e90..c2ae2f84c 100644 
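Review bot: The new `viper.Set("gitlab.oidc-created", true)` / `viper.WriteConfig()` pairs run unconditionally, including when `dryRun` is set, so a dry run persists all four markers as done and the next real `create` skips OIDC setup, both repo pushes and the registry switch — the callees presumably return early on `dryRun`, but the marker write here does not. Guard each marker, e.g. `if !dryRun { viper.Set("gitlab.gitops-pushed", true); viper.WriteConfig() }`, or skip the whole block when `dryRun`. `viper.WriteConfig()` also returns an error that is discarded at all four sites, so a failed write silently re-runs the step next time, and `ChangeRegistryToGitLab` creates its Secrets with `Create`, which would then panic on AlreadyExists. Finally `informUser("Pushing gitops repo to origin gitlab")` now sits inside the `gitlab.oidc-created` block while the push itself is in the next block, so the message is shown on runs that skip the push; move it below `if !viper.GetBool("gitlab.gitops-pushed") {`. The Run closure continues past the hunk.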
--- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go @@ -560,7 +560,13 @@ func PushGitRepo(dryRun bool, config *configs.Config, gitOrigin, repoName string } if gitOrigin == "gitlab" { - + pkg.Detokenize(repoDir) + os.RemoveAll(repoDir + "/terraform/base/.terraform") + os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") + os.RemoveAll(repoDir + "/terraform/vault/.terraform") + os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") + os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") + CommitToRepo(repo, repoName) auth := &gitHttp.BasicAuth{ Username: "root", Password: viper.GetString("gitlab.token"), From 6600555ea1d9750a5fb7efbac2d8470db478311b Mon Sep 17 00:00:00 2001 From: johndietz Date: Fri, 15 Jul 2022 18:54:07 -0400 Subject: [PATCH 03/20] remove not my stuff --- cmd/create.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index f2ed49321..28cd03cb8 100644 --- a/cmd/create.go +++ b/cmd/create.go @@ -20,10 +20,6 @@ import ( "github.com/spf13/viper" ) -const trackerStage20 = "0 - Apply Base" -const trackerStage21 = "1 - Temporary SCM Install" -const trackerStage22 = "2 - Argo/Final SCM Install" -const trackerStage23 = "3 - Final Setup" // createCmd represents the create command var createCmd = &cobra.Command{ From 7699e5a30c0f44942cf4f984587542a8c821c43e Mon Sep 17 00:00:00 2001 From: johndietz Date: Fri, 15 Jul 2022 18:56:45 -0400 Subject: [PATCH 04/20] add reports package back --- cmd/create.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/create.go b/cmd/create.go index 28cd03cb8..190a05137 100644 --- a/cmd/create.go +++ b/cmd/create.go 
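Review bot: Deleting `.terraform.lock.hcl` right before `CommitToRepo` strips the provider version and checksum pinning from the gitops repo that is about to be pushed, so every later `terraform init` from that repo resolves providers unpinned; HashiCorp recommends committing the lock file, so if the goal is only to avoid committing the operator's platform-specific hashes, keep the file and regenerate hashes with `terraform providers lock -platform=...` for the target platforms instead. The removals are also inconsistent: all three `.terraform` directories are removed but only the `base` and `gitlab` lock files, not `vault`'s. The `os.RemoveAll`/`os.Remove` results are discarded, so a `.terraform` directory that survives (it holds provider binaries and the backend configuration) would be committed and pushed with no warning; at minimum log an error that is not `os.ErrNotExist`, and build the paths with `filepath.Join(repoDir, "terraform", "base", ".terraform")`. PushGitRepo starts and ends outside the hunk.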
@@ -13,6 +13,7 @@ import ( "github.com/kubefirst/kubefirst/internal/gitlab" "github.com/kubefirst/kubefirst/internal/helm" "github.com/kubefirst/kubefirst/internal/progressPrinter" + "github.com/kubefirst/kubefirst/internal/reports" "github.com/kubefirst/kubefirst/internal/softserve" "github.com/kubefirst/kubefirst/internal/terraform" "github.com/kubefirst/kubefirst/internal/vault" @@ -20,7 +21,6 @@ import ( "github.com/spf13/viper" ) - // createCmd represents the create command var createCmd = &cobra.Command{ Use: "create", From 13592e3f931ff897d2f6114e5d7fc221e0c601a3 Mon Sep 17 00:00:00 2001 From: johndietz Date: Fri, 15 Jul 2022 19:10:53 -0400 Subject: [PATCH 05/20] viper check adjustments --- internal/gitlab/gitlab.go | 172 +++++++++++++++++++------------------- 1 file changed, 85 insertions(+), 87 deletions(-) diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index c2ae2f84c..34fe2f08d 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go 
@@ -359,105 +359,103 @@ func DestroyGitlabTerraform(skipGitlabTerraform bool) { func ChangeRegistryToGitLab(dryRun bool) { config := configs.ReadConfig() - if !viper.GetBool("gitlab.registry") { - if dryRun { - log.Printf("[#99] Dry-run mode, ChangeRegistryToGitLab skipped.") - return - } - type ArgocdGitCreds struct { - PersonalAccessToken string - URL string - FullURL string - } + if dryRun { + log.Printf("[#99] Dry-run mode, ChangeRegistryToGitLab skipped.") + return + } - pat := b64.StdEncoding.EncodeToString([]byte(viper.GetString("gitlab.token"))) - url := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/", viper.GetString("aws.hostedzonename")))) - fullurl := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", viper.GetString("aws.hostedzonename")))) + type ArgocdGitCreds struct { + PersonalAccessToken string + URL string + FullURL string + } - creds := ArgocdGitCreds{PersonalAccessToken: pat, URL: url, FullURL: fullurl} + pat := b64.StdEncoding.EncodeToString([]byte(viper.GetString("gitlab.token"))) + url := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/", viper.GetString("aws.hostedzonename")))) + fullurl := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", viper.GetString("aws.hostedzonename")))) - var argocdRepositoryAccessTokenSecret *v1.Secret - k8sConfig, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) - if err != nil { - log.Panicf("error getting client from kubeconfig") - } - clientset, err := kubernetes.NewForConfig(k8sConfig) - if err != nil { - log.Panicf("error getting kubeconfig for clientset") - } - k8s.ArgocdSecretClient = clientset.CoreV1().Secrets("argocd") - - var secrets bytes.Buffer - - c, err := template.New("creds-gitlab").Parse(` - apiVersion: v1 - data: - password: {{ .PersonalAccessToken }} - url: {{ .URL }} - username: cm9vdA== - kind: Secret - metadata: - annotations: - 
managed-by: argocd.argoproj.io - labels: - argocd.argoproj.io/secret-type: repo-creds - name: creds-gitlab - namespace: argocd - type: Opaque - `) - if err := c.Execute(&secrets, creds); err != nil { - log.Panicf("error executing golang template for git repository credentials template %s", err) - } + creds := ArgocdGitCreds{PersonalAccessToken: pat, URL: url, FullURL: fullurl} + + var argocdRepositoryAccessTokenSecret *v1.Secret + k8sConfig, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) + if err != nil { + log.Panicf("error getting client from kubeconfig") + } + clientset, err := kubernetes.NewForConfig(k8sConfig) + if err != nil { + log.Panicf("error getting kubeconfig for clientset") + } + k8s.ArgocdSecretClient = clientset.CoreV1().Secrets("argocd") - ba := []byte(secrets.String()) - err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) + var secrets bytes.Buffer + + c, err := template.New("creds-gitlab").Parse(` + apiVersion: v1 + data: + password: {{ .PersonalAccessToken }} + url: {{ .URL }} + username: cm9vdA== + kind: Secret + metadata: + annotations: + managed-by: argocd.argoproj.io + labels: + argocd.argoproj.io/secret-type: repo-creds + name: creds-gitlab + namespace: argocd + type: Opaque + `) + if err := c.Execute(&secrets, creds); err != nil { + log.Panicf("error executing golang template for git repository credentials template %s", err) + } - _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) - if err != nil { - log.Panicf("error creating argocd repository credentials template secret %s", err) - } + ba := []byte(secrets.String()) + err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) - var repoSecrets bytes.Buffer - - c, err = template.New("repo-gitlab").Parse(` - apiVersion: v1 - data: - project: ZGVmYXVsdA== - type: Z2l0 - url: {{ .FullURL }} - kind: Secret - metadata: - annotations: - managed-by: argocd.argoproj.io - labels: - 
argocd.argoproj.io/secret-type: repository - name: repo-gitlab - namespace: argocd - type: Opaque - `) - if err := c.Execute(&repoSecrets, creds); err != nil { - log.Panicf("error executing golang template for gitops repository template %s", err) - } + _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) + if err != nil { + log.Panicf("error creating argocd repository credentials template secret %s", err) + } - ba = []byte(repoSecrets.String()) - err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) + var repoSecrets bytes.Buffer + + c, err = template.New("repo-gitlab").Parse(` + apiVersion: v1 + data: + project: ZGVmYXVsdA== + type: Z2l0 + url: {{ .FullURL }} + kind: Secret + metadata: + annotations: + managed-by: argocd.argoproj.io + labels: + argocd.argoproj.io/secret-type: repository + name: repo-gitlab + namespace: argocd + type: Opaque + `) + if err := c.Execute(&repoSecrets, creds); err != nil { + log.Panicf("error executing golang template for gitops repository template %s", err) + } - _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) - if err != nil { - log.Panicf("error creating argocd repository connection secret %s", err) - } + ba = []byte(repoSecrets.String()) + err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) - _, _, err = pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "apply", "-f", fmt.Sprintf("%s/gitops/components/gitlab/argocd-adopts-gitlab.yaml", config.K1FolderPath)) - if err != nil { - log.Panicf("failed to call execute kubectl apply of argocd patch to adopt gitlab: %s", err) - } + _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) + if err != nil { + log.Panicf("error creating argocd repository connection secret %s", err) + } - viper.Set("gitlab.registry", true) - 
viper.WriteConfig() - } else { - log.Println("Skipping: ChangeRegistryToGitLab") + _, _, err = pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "apply", "-f", fmt.Sprintf("%s/gitops/components/gitlab/argocd-adopts-gitlab.yaml", config.K1FolderPath)) + if err != nil { + log.Panicf("failed to call execute kubectl apply of argocd patch to adopt gitlab: %s", err) } + + viper.Set("gitlab.registry", true) + viper.WriteConfig() + } func HydrateGitlabMetaphorRepo(dryRun bool) { From 9113a9a24b3f608fc261aae0cf9e4f6c7ae6251b Mon Sep 17 00:00:00 2001 From: johndietz Date: Fri, 15 Jul 2022 19:11:54 -0400 Subject: [PATCH 06/20] viper check adjustments --- internal/gitlab/gitlab.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index 34fe2f08d..b0d88b697 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go @@ -453,9 +453,6 @@ func ChangeRegistryToGitLab(dryRun bool) { log.Panicf("failed to call execute kubectl apply of argocd patch to adopt gitlab: %s", err) } - viper.Set("gitlab.registry", true) - viper.WriteConfig() - } func HydrateGitlabMetaphorRepo(dryRun bool) { From fca9c8f496919cbc5ac4b4c32441b017a75c5e97 Mon Sep 17 00:00:00 2001 From: johndietz Date: Sat, 16 Jul 2022 21:47:32 -0400 Subject: [PATCH 07/20] vault local address --- internal/vault/vault.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/vault/vault.go b/internal/vault/vault.go index 8cdd677b6..510761af5 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -187,7 +187,7 @@ func AddGitlabOidcApplications(dryRun bool) { func addVaultSecret(secretPath string, secretData map[string]interface{}) { config := vault.DefaultConfig() - config.Address = fmt.Sprintf("https://vault.%s", viper.GetString("aws.hostedzonename")) + config.Address = viper.GetString("vault.local.service") client, err := vault.NewClient(config) if err != nil { 
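Review bot: On the new side of `ChangeRegistryToGitLab` both `yaml.Unmarshal` calls decode into the same `argocdRepositoryAccessTokenSecret` pointer and neither checks `err`; if the `yaml` import is sigs.k8s.io/yaml (JSON semantics), unmarshalling into an already-populated struct merges map entries rather than replacing them, so the second `repo-gitlab` Secret would inherit the `password` and `username` keys from `creds-gitlab` and the GitLab root PAT ends up copied into a second Secret. Decode each manifest into its own variable and fail on error, e.g. `var repoSecret *v1.Secret` followed by `if err := yaml.Unmarshal(ba, &repoSecret); err != nil { log.Panicf("error unmarshalling repo-gitlab secret: %s", err) }`. The base64 applied to `pat` is only the Secret `data` encoding, not protection, so nothing in this function should ever log `creds`. The hunk also removes the `gitlab.registry` gate while the `viper.Set("gitlab.registry", true)` at the bottom is still written, so the flag is now set but never read here; patch 06 on this page deletes it.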
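Review bot: `config.Address = viper.GetString("vault.local.service")` in `addVaultSecret` overwrites whatever `vault.DefaultConfig()` resolved, and an unset key yields an empty address that `vault.NewClient` does not appear to reject, so the first request fails with an unhelpful URL error instead of a clear configuration error; guard it with `addr := viper.GetString("vault.local.service")` and `if addr == "" { log.Panic("vault.local.service is not set") }` before assigning. If that local service is a plain-http `kubectl port-forward` endpoint, sending the root token over it is acceptable only because the hop to the cluster rides inside the API server's TLS session — a one-line comment saying so would stop someone from pointing this at a remote non-TLS address later. addVaultSecret continues outside the hunk.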
From 24a0b416602b225bb3ded02b0a68cdc5558ab2c2 Mon Sep 17 00:00:00 2001 From: jarededwards Date: Sat, 16 Jul 2022 20:47:38 -0600 Subject: [PATCH 08/20] changes, mostly formatting --- cmd/checktools.go | 7 ++-- cmd/create.go | 20 ++++++------ cmd/destroy.go | 4 +-- cmd/kubernetes.go | 11 ++++--- internal/gitlab/gitlab.go | 67 ++++++++++++++++++++------------------ internal/k8s/kubernetes.go | 13 ++++++-- 6 files changed, 68 insertions(+), 54 deletions(-) diff --git a/cmd/checktools.go b/cmd/checktools.go index 7592ae4ad..1b2319d53 100644 --- a/cmd/checktools.go +++ b/cmd/checktools.go @@ -2,6 +2,7 @@ package cmd import ( "fmt" + "github.com/kubefirst/kubefirst/configs" "github.com/kubefirst/kubefirst/pkg" "github.com/spf13/cobra" @@ -27,13 +28,13 @@ var checktoolsCmd = &cobra.Command{ fmt.Printf("-> helm version:\n\t%s\n\t%s\n", helmVersion, helmStdErr) if errKubectl != nil { - fmt.Println("failed to call kubectlVersionCmd.Run(): %v", errKubectl) + fmt.Printf("failed to call kubectlVersionCmd.Run(): %v", errKubectl) } if errHelm != nil { - fmt.Println("failed to call helmVersionCmd.Run(): %v", errHelm) + fmt.Printf("failed to call helmVersionCmd.Run(): %v", errHelm) } if errTerraform != nil { - fmt.Println("failed to call terraformVersionCmd.Run(): %v", errTerraform) + fmt.Printf("failed to call terraformVersionCmd.Run(): %v", errTerraform) } }, diff --git a/cmd/create.go b/cmd/create.go index 190a05137..52a558c0f 100644 --- a/cmd/create.go +++ b/cmd/create.go 
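Review bot: Replacing `fmt.Println` with `fmt.Printf` in checktools.go fixes the vet complaint but drops the newline Println supplied, so the three error messages now run into whatever is printed next; use `fmt.Printf("failed to call kubectlVersionCmd.Run(): %v\n", errKubectl)` and the same for the helm and terraform lines. The `log.Printf` conversions elsewhere in this patch do not have that problem because the log package appends a newline itself. The cobra Run closure continues outside the hunk.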
@@ -81,8 +81,8 @@ to quickly create a Cobra application.`, defer kPortForwardSoftServe.Process.Signal(syscall.SIGTERM) if err != nil { // If it doesn't error, we kinda don't care much. - log.Println("Commad Execution STDOUT: %s", kPortForwardSoftServeOutb.String()) - log.Println("Commad Execution STDERR: %s", kPortForwardSoftServeErrb.String()) + log.Printf("Commad Execution STDOUT: %s", kPortForwardSoftServeOutb.String()) + log.Printf("Commad Execution STDERR: %s", kPortForwardSoftServeErrb.String()) log.Panicf("error: failed to port-forward to soft-serve %s", err) } time.Sleep(20 * time.Second) @@ -109,13 +109,13 @@ to quickly create a Cobra application.`, err = kPortForwardArgocd.Start() defer kPortForwardArgocd.Process.Signal(syscall.SIGTERM) if err != nil { - log.Println("Commad Execution STDOUT: %s", kPortForwardArgocdOutb.String()) - log.Println("Commad Execution STDERR: %s", kPortForwardArgocdErrb.String()) + log.Printf("Commad Execution STDOUT: %s", kPortForwardArgocdOutb.String()) + log.Printf("Commad Execution STDERR: %s", kPortForwardArgocdErrb.String()) log.Panicf("error: failed to port-forward to argocd in main thread %s", err) } - log.Println("sleeping for 45 seconds, hurry up jared") - time.Sleep(45 * time.Second) + // log.Println("sleeping for 45 seconds, hurry up jared") + // time.Sleep(45 * time.Second) } informUser(fmt.Sprintf("ArgoCD available at %s", viper.GetString("argocd.local.service"))) progressPrinter.IncrementTracker("step-argo", 1) 
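Review bot: Commenting out `time.Sleep(45 * time.Second)` after the argocd port-forward leaves a dead reminder in the code and, if that sleep was actually what let the port-forward become usable before the next call, removes the wait with nothing in its place; either delete both commented lines or replace them with a readiness check on the forwarded port (the `waitForNamespaceandPods`-style helpers used elsewhere in this file are the obvious fit). `log.Printf("Commad Execution STDOUT: %s", ...)` is now vet-clean but still misspells "Command", which shows up in every port-forward failure message. The Run closure continues outside the hunk.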
@@ -135,8 +135,8 @@ to quickly create a Cobra application.`, // todo, need to stall until the registry has synced, then get to ui asap //! skip this if syncing from argocd and not helm installing - log.Printf("sleeping for 30 seconds, hurry up jared sign into argocd %s", viper.GetString("argocd.admin.password")) - time.Sleep(30 * time.Second) + // log.Printf("sleeping for 30 seconds, hurry up jared sign into argocd %s", viper.GetString("argocd.admin.password")) + // time.Sleep(30 * time.Second) //! //* we need to stop here and wait for the vault namespace to exist and the vault pod to be ready @@ -180,8 +180,8 @@ to quickly create a Cobra application.`, defer kPortForwardGitlab.Process.Signal(syscall.SIGTERM) if err != nil { // If it doesn't error, we kinda don't care much. - log.Println("Commad Execution STDOUT: %s", kPortForwardGitlabOutb.String()) - log.Println("Commad Execution STDERR: %s", kPortForwardGitlabErrb.String()) + log.Printf("Commad Execution STDOUT: %s", kPortForwardGitlabOutb.String()) + log.Printf("Commad Execution STDERR: %s", kPortForwardGitlabErrb.String()) log.Panicf("error: failed to port-forward to gitlab in main thread %s", err) } } diff --git a/cmd/destroy.go b/cmd/destroy.go index e34c54471..924bbd3ff 100644 --- a/cmd/destroy.go +++ b/cmd/destroy.go 
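Review bot: The line `// log.Printf("sleeping for 30 seconds, hurry up jared sign into argocd %s", viper.GetString("argocd.admin.password"))` is only commented out, yet it prints the ArgoCD admin password to the log; delete it outright so it cannot be uncommented back in, and treat any logs produced while it was live as having exposed that credential. If a pause is still needed here, the `// todo` above already says what it should be — a poll on the registry sync state, not a sleep. The Run closure continues outside this hunk and the gitlab port-forward hunk that follows it.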
@@ -60,8 +60,8 @@ if the registry has already been deleted.`, err = kPortForwardArgocd.Start() defer kPortForwardArgocd.Process.Signal(syscall.SIGTERM) if err != nil { - log.Println("Commad Execution STDOUT: %s", kPortForwardArgocdOutb.String()) - log.Println("Commad Execution STDERR: %s", kPortForwardArgocdErrb.String()) + log.Printf("Commad Execution STDOUT: %s", kPortForwardArgocdOutb.String()) + log.Printf("Commad Execution STDERR: %s", kPortForwardArgocdErrb.String()) log.Panicf("error: failed to port-forward to argocd in main thread %s", err) } // kPortForwardVault := exec.Command(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "vault", "port-forward", "svc/vault", "8200:8200") diff --git a/cmd/kubernetes.go b/cmd/kubernetes.go index 0a55ac04b..88b6dfaa6 100644 --- a/cmd/kubernetes.go +++ b/cmd/kubernetes.go @@ -9,15 +9,16 @@ import ( "context" "encoding/json" "fmt" + "log" + "os" + "os/exec" + "time" + "github.com/kubefirst/kubefirst/configs" "github.com/kubefirst/kubefirst/pkg" "github.com/spf13/viper" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" coreV1Types "k8s.io/client-go/kubernetes/typed/core/v1" - "log" - "os" - "os/exec" - "time" ) var vaultRootToken string @@ -99,7 +100,7 @@ func createVaultConfiguredSecret(dryRun bool, config *configs.Config) { if err != nil { log.Panicf("failed to create secret for vault-configured: %s", err) } - log.Println("the secret create output is: %s", output.String()) + log.Printf("the secret create output is: %s", output.String()) viper.Set("vault.configuredsecret", true) viper.WriteConfig() diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index b0d88b697..87af32872 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go @@ -124,7 +124,7 @@ func PushGitOpsToGitLab(dryRun bool) { }, }) if err != nil { - log.Panicf("error committing changes", err) + log.Panicf("error committing changes %s", err) } log.Println("setting auth...") 
@@ -141,7 +141,7 @@ func PushGitOpsToGitLab(dryRun bool) { Auth: auth, }) if err != nil { - log.Panicf("error pushing to remote", err) + log.Panicf("error pushing to remote %s", err) } } @@ -391,27 +391,30 @@ func ChangeRegistryToGitLab(dryRun bool) { var secrets bytes.Buffer c, err := template.New("creds-gitlab").Parse(` - apiVersion: v1 - data: - password: {{ .PersonalAccessToken }} - url: {{ .URL }} - username: cm9vdA== - kind: Secret - metadata: - annotations: - managed-by: argocd.argoproj.io - labels: - argocd.argoproj.io/secret-type: repo-creds - name: creds-gitlab - namespace: argocd - type: Opaque - `) + apiVersion: v1 + data: + password: {{ .PersonalAccessToken }} + url: {{ .URL }} + username: cm9vdA== + kind: Secret + metadata: + annotations: + managed-by: argocd.argoproj.io + labels: + argocd.argoproj.io/secret-type: repo-creds + name: creds-gitlab + namespace: argocd + type: Opaque + `) if err := c.Execute(&secrets, creds); err != nil { log.Panicf("error executing golang template for git repository credentials template %s", err) } ba := []byte(secrets.String()) err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) + if err != nil { + log.Println("error unmarshalling yaml during argocd repository secret create", err) + } _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) if err != nil { 
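Review bot: The new `if err != nil { log.Println("error unmarshalling yaml during argocd repository secret create", err) }` only logs, so after a decode failure `argocdRepositoryAccessTokenSecret` is nil or partial and is still passed to `Create` on the very next line; every other failure in this function is a `log.Panicf`, so make this one consistent: `log.Panicf("error unmarshalling yaml during argocd repository secret create: %s", err)`. The second `yaml.Unmarshal` later in the function (outside this hunk) has the same unchecked error and needs the same treatment. ChangeRegistryToGitLab starts and ends outside the hunk.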
@@ -421,21 +424,21 @@ func ChangeRegistryToGitLab(dryRun bool) { var repoSecrets bytes.Buffer c, err = template.New("repo-gitlab").Parse(` - apiVersion: v1 - data: - project: ZGVmYXVsdA== - type: Z2l0 - url: {{ .FullURL }} - kind: Secret - metadata: - annotations: - managed-by: argocd.argoproj.io - labels: - argocd.argoproj.io/secret-type: repository - name: repo-gitlab - namespace: argocd - type: Opaque - `) + apiVersion: v1 + data: + project: ZGVmYXVsdA== + type: Z2l0 + url: {{ .FullURL }} + kind: Secret + metadata: + annotations: + managed-by: argocd.argoproj.io + labels: + argocd.argoproj.io/secret-type: repository + name: repo-gitlab + namespace: argocd + type: Opaque + `) if err := c.Execute(&repoSecrets, creds); err != nil { log.Panicf("error executing golang template for gitops repository template %s", err) } diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index f3f5c77b9..20260b29a 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go @@ -8,13 +8,14 @@ import ( "context" "encoding/json" "fmt" + "log" + "time" + "github.com/kubefirst/kubefirst/internal/argocd" "github.com/kubefirst/kubefirst/pkg" "github.com/spf13/viper" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" coreV1Types "k8s.io/client-go/kubernetes/typed/core/v1" - "log" - "time" ) var vaultRootToken string @@ -37,6 +38,14 @@ func GetPodNameByLabel(gitlabPodsClient coreV1Types.PodInterface, label string) return gitlabToolboxPodName } +// func CreateRepoSecret() { + +// } + +// func CreateCredentialsTemplateSecret() { + +// } + func getVaultRootToken(vaultSecretClient coreV1Types.SecretInterface) string { name := "vault-unseal-keys" log.Printf("Reading secret %s\n", name) From 1454054570eb31f2931ca921854889ac5ffa741a Mon Sep 17 00:00:00 2001 From: johndietz Date: Sat, 16 Jul 2022 23:08:21 -0400 Subject: [PATCH 09/20] spaces --- internal/gitlab/gitlab.go | 60 +++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 30 deletions(-) 
diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index b0d88b697..ffdc1e5a8 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go @@ -391,21 +391,21 @@ func ChangeRegistryToGitLab(dryRun bool) { var secrets bytes.Buffer c, err := template.New("creds-gitlab").Parse(` - apiVersion: v1 - data: - password: {{ .PersonalAccessToken }} - url: {{ .URL }} - username: cm9vdA== - kind: Secret - metadata: - annotations: - managed-by: argocd.argoproj.io - labels: - argocd.argoproj.io/secret-type: repo-creds - name: creds-gitlab - namespace: argocd - type: Opaque - `) + apiVersion: v1 + data: + password: {{ .PersonalAccessToken }} + url: {{ .URL }} + username: cm9vdA== + kind: Secret + metadata: + annotations: + managed-by: argocd.argoproj.io + labels: + argocd.argoproj.io/secret-type: repo-creds + name: creds-gitlab + namespace: argocd + type: Opaque + `) if err := c.Execute(&secrets, creds); err != nil { log.Panicf("error executing golang template for git repository credentials template %s", err) } @@ -421,21 +421,21 @@ func ChangeRegistryToGitLab(dryRun bool) { var repoSecrets bytes.Buffer c, err = template.New("repo-gitlab").Parse(` - apiVersion: v1 - data: - project: ZGVmYXVsdA== - type: Z2l0 - url: {{ .FullURL }} - kind: Secret - metadata: - annotations: - managed-by: argocd.argoproj.io - labels: - argocd.argoproj.io/secret-type: repository - name: repo-gitlab - namespace: argocd - type: Opaque - `) + apiVersion: v1 + data: + project: ZGVmYXVsdA== + type: Z2l0 + url: {{ .FullURL }} + kind: Secret + metadata: + annotations: + managed-by: argocd.argoproj.io + labels: + argocd.argoproj.io/secret-type: repository + name: repo-gitlab + namespace: argocd + type: Opaque + `) if err := c.Execute(&repoSecrets, creds); err != nil { log.Panicf("error executing golang template for gitops repository template %s", err) } From 2e6c948e0c2eba83e895b07e2506a59c9ccb2c0f Mon Sep 17 00:00:00 2001 
From: johndietz Date: Sun, 17 Jul 2022 17:08:45 -0400 Subject: [PATCH 10/20] adjustments through latest provisioning --- cmd/create.go | 23 +++++++++++++++++++++++ cmd/kubefirstTemplate.go | 15 ++++++++------- cmd/kubernetes.go | 25 +++++++++++++++++-------- internal/gitlab/gitlab.go | 4 ++-- internal/k8s/kubernetes.go | 14 +++++++++++--- pkg/helpers.go | 10 ++++++++-- 6 files changed, 69 insertions(+), 22 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index 52a558c0f..564185436 100644 --- a/cmd/create.go +++ b/cmd/create.go @@ -12,6 +12,7 @@ import ( "github.com/kubefirst/kubefirst/internal/argocd" "github.com/kubefirst/kubefirst/internal/gitlab" "github.com/kubefirst/kubefirst/internal/helm" + "github.com/kubefirst/kubefirst/internal/k8s" "github.com/kubefirst/kubefirst/internal/progressPrinter" "github.com/kubefirst/kubefirst/internal/reports" "github.com/kubefirst/kubefirst/internal/softserve" @@ -19,6 +20,8 @@ import ( "github.com/kubefirst/kubefirst/internal/vault" "github.com/spf13/cobra" "github.com/spf13/viper" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" ) // createCmd represents the create command 
@@ -249,6 +252,26 @@ to quickly create a Cobra application.`, viper.Set("gitlab.gitops-pushed", true) viper.WriteConfig() } + if !viper.GetBool("argocd.oidc-patched") { + cfg := configs.ReadConfig() + config, err := clientcmd.BuildConfigFromFlags("", cfg.KubeConfigPath) + if err != nil { + panic(err.Error()) + } + clientset, err := kubernetes.NewForConfig(config) + if err != nil { + panic(err.Error()) + } + + argocdSecretClient = clientset.CoreV1().Secrets("argocd") + patchSecret(argocdSecretClient, "argocd-secret", "oidc.gitlab.clientSecret", viper.GetString("gitlab.oidc.argocd.secret")) + + argocdPodClient := clientset.CoreV1().Pods("argocd") + argocdPodName := k8s.GetPodNameByLabel(argocdPodClient, "app.kubernetes.io/name=argocd-server") + k8s.DeletePodByName(argocdPodClient, argocdPodName) + viper.Set("argocd.oidc-patched", true) + viper.WriteConfig() + } if !viper.GetBool("gitlab.metaphor-pushed") { informUser("Pushing metaphor repo to origin gitlab") gitlab.PushGitRepo(dryRun, config, "gitlab", "metaphor") diff --git a/cmd/kubefirstTemplate.go b/cmd/kubefirstTemplate.go index 6ae7afffc..0d0a09ae2 100644 --- a/cmd/kubefirstTemplate.go +++ b/cmd/kubefirstTemplate.go @@ -14,6 +14,7 @@ import ( "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" "github.com/kubefirst/kubefirst/configs" + "github.com/kubefirst/kubefirst/pkg" "github.com/spf13/viper" ) @@ -42,7 +43,7 @@ func prepareKubefirstTemplateRepo(config *configs.Config, githubOrg, repoName st log.Printf("cloned %s-template repository to directory %s/%s", repoName, config.K1FolderPath, repoName) log.Printf("detokenizing %s/%s", config.K1FolderPath, repoName) - detokenize(directory) + pkg.Detokenize(directory) log.Printf("detokenization of %s/%s complete", config.K1FolderPath, repoName) viper.Set(fmt.Sprintf("init.repos.%s.detokenized", repoName), true) 
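Review bot: The new `argocd.oidc-patched` block is the only step in this sequence that ignores `dryRun`: it builds a clientset, rewrites `argocd-secret` and deletes the argocd-server pod even on a dry run, then persists `argocd.oidc-patched` so a later real run skips it. Guard it like its siblings, e.g. `if !dryRun && !viper.GetBool("argocd.oidc-patched") {`, and use `log.Panicf("error building kube config: %s", err)` rather than bare `panic(err.Error())` to match the rest of Run. `config, err := clientcmd.BuildConfigFromFlags(...)` also shadows the outer `config *configs.Config` inside the block, which is easy to misread given `config.KubeConfigPath` is used two lines earlier; `restConfig` avoids that. `patchSecret` (cmd/kubernetes.go, patch 10) swallows its own errors, so a failed Get or Update here goes unnoticed while the pod is still restarted. The Run closure continues past the hunk.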
@@ -78,13 +79,13 @@ func prepareKubefirstTemplateRepo(config *configs.Config, githubOrg, repoName st viper.WriteConfig() } -func detokenize(path string) { +// func detokenize(path string) { - err := filepath.Walk(path, detokenizeDirectory) - if err != nil { - panic(err) - } -} +// err := filepath.Walk(path, detokenizeDirectory) +// if err != nil { +// panic(err) +// } +// } func detokenizeDirectory(path string, fi os.FileInfo, err error) error { if err != nil { diff --git a/cmd/kubernetes.go b/cmd/kubernetes.go index 88b6dfaa6..c2ce85624 100644 --- a/cmd/kubernetes.go +++ b/cmd/kubernetes.go @@ -30,16 +30,16 @@ var vaultSecretClient coreV1Types.SecretInterface var argocdSecretClient coreV1Types.SecretInterface var gitlabPodsClient coreV1Types.PodInterface -func getPodNameByLabel(gitlabPodsClient coreV1Types.PodInterface, label string) string { - pods, err := gitlabPodsClient.List(context.TODO(), metaV1.ListOptions{LabelSelector: fmt.Sprintf("app=%s", label)}) - if err != nil { - fmt.Println(err) - } +// func getPodNameByLabel(gitlabPodsClient coreV1Types.PodInterface, label string) string { +// pods, err := gitlabPodsClient.List(context.TODO(), metaV1.ListOptions{LabelSelector: label}) +// if err != nil { +// fmt.Println(err) +// } - gitlabToolboxPodName = pods.Items[0].Name +// gitlabToolboxPodName = pods.Items[0].Name - return gitlabToolboxPodName -} +// return gitlabToolboxPodName +// } func waitForVaultUnseal(dryRun bool, config *configs.Config) { if dryRun { 
@@ -137,6 +137,15 @@ func getSecretValue(k8sClient coreV1Types.SecretInterface, secretName, key strin return string(secret.Data[key]) } +func patchSecret(k8sClient coreV1Types.SecretInterface, secretName, key, val string) { + secret, err := k8sClient.Get(context.TODO(), secretName, metaV1.GetOptions{}) + if err != nil { + log.Println(fmt.Sprintf("error getting key: %s from secret: %s", key, secretName), err) + } + secret.Data[key] = []byte(val) + k8sClient.Update(context.TODO(), secret, metaV1.UpdateOptions{}) +} + func waitForNamespaceandPods(dryRun bool, config *configs.Config, namespace, podLabel string) { if dryRun { log.Printf("[#99] Dry-run mode, waitForNamespaceandPods skipped") diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index 87af32872..8d2d3d208 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go @@ -195,8 +195,8 @@ func ProduceGitlabTokens(dryRun bool) { log.Println("discovering gitlab toolbox pod") - k8s.GitlabPodsClient = clientset.CoreV1().Pods("gitlab") - gitlabPodName := k8s.GetPodNameByLabel(k8s.GitlabPodsClient, "toolbox") + gitlabPodClient := clientset.CoreV1().Pods("gitlab") + gitlabPodName := k8s.GetPodNameByLabel(gitlabPodClient, "app=toolbox") k8s.GitlabSecretClient = clientset.CoreV1().Secrets("gitlab") secrets, err := k8s.GitlabSecretClient.List(context.TODO(), metaV1.ListOptions{}) diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index 20260b29a..987059a8f 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go 
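Review bot: `patchSecret` dereferences `secret` after a failed `Get` — on error it only logs and then executes `secret.Data[key] = []byte(val)` on a nil pointer — and it discards the `(*v1.Secret, error)` returned by `k8sClient.Update`, so a rejected write of `argocd-secret` is silent while the caller in cmd/create.go goes on to restart argocd-server and mark the step done. Returning an error from both paths lets that caller check it before setting `argocd.oidc-patched`. A secret whose `Data` map is nil would also panic on the assignment, hence the `make` below. `log.Println(fmt.Sprintf(...), err)` reads better as a single `log.Printf`.
```go
func patchSecret(k8sClient coreV1Types.SecretInterface, secretName, key, val string) error {
	secret, err := k8sClient.Get(context.TODO(), secretName, metaV1.GetOptions{})
	if err != nil {
		return fmt.Errorf("getting secret %s: %w", secretName, err)
	}
	if secret.Data == nil {
		secret.Data = make(map[string][]byte)
	}
	secret.Data[key] = []byte(val)
	if _, err := k8sClient.Update(context.TODO(), secret, metaV1.UpdateOptions{}); err != nil {
		return fmt.Errorf("updating key %s in secret %s: %w", key, secretName, err)
	}
	return nil
}
```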
@@ -25,10 +25,11 @@ var gitlabToolboxPodName string var GitlabSecretClient coreV1Types.SecretInterface var VaultSecretClient coreV1Types.SecretInterface var ArgocdSecretClient coreV1Types.SecretInterface -var GitlabPodsClient coreV1Types.PodInterface -func GetPodNameByLabel(gitlabPodsClient coreV1Types.PodInterface, label string) string { - pods, err := gitlabPodsClient.List(context.TODO(), metaV1.ListOptions{LabelSelector: fmt.Sprintf("app=%s", label)}) +// var GitlabPodsClient coreV1Types.PodInterface + +func GetPodNameByLabel(podsClient coreV1Types.PodInterface, label string) string { + pods, err := podsClient.List(context.TODO(), metaV1.ListOptions{LabelSelector: label}) if err != nil { fmt.Println(err) } @@ -38,6 +39,13 @@ func GetPodNameByLabel(gitlabPodsClient coreV1Types.PodInterface, label string) return gitlabToolboxPodName } +func DeletePodByName(podsClient coreV1Types.PodInterface, podName string) { + err := podsClient.Delete(context.TODO(), podName, metaV1.DeleteOptions{}) + if err != nil { + fmt.Println(err) + } +} + // func CreateRepoSecret() { // } diff --git a/pkg/helpers.go b/pkg/helpers.go index 762b7703c..6244888bf 100644 --- a/pkg/helpers.go +++ b/pkg/helpers.go @@ -3,13 +3,14 @@ package pkg import ( "errors" "fmt" - "github.com/kubefirst/kubefirst/configs" "io/ioutil" "log" "os" "path/filepath" "strings" + "github.com/kubefirst/kubefirst/configs" + "github.com/spf13/viper" ) @@ -30,7 +31,7 @@ func DetokenizeDirectory(path string, fi os.FileInfo, err error) error { return nil // } - if strings.Contains(path, ".gitClient") || strings.Contains(path, ".terraform") { + if strings.Contains(path, ".gitClient") || strings.Contains(path, ".terraform") || strings.Contains(path, ".git") { return nil } 
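Review bot: `GetPodNameByLabel` keeps the log-and-continue `fmt.Println(err)` after `podsClient.List(...)` and then, between the two hunks, reads `pods.Items[0]`, so a List error (nil `pods`) and a selector that matches nothing (for example `app.kubernetes.io/name=argocd-server` before the pod exists) both end in a runtime panic that says nothing about the label. Replace the print with `log.Panicf("listing pods for label %q: %s", label, err)` and add `if len(pods.Items) == 0 { log.Panicf("no pod matches label %q", label) }` before the index. Now that the helper is generic, parking the result in the package-level `gitlabToolboxPodName` is misleading; a local would do. `DeletePodByName` in the second hunk swallows the Delete error the same way, so the OIDC restart in cmd/create.go cannot tell whether the pod was actually recycled. The body of `GetPodNameByLabel` continues between the two hunks.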
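Review bot: `strings.Contains(path, ".git")` in the new condition matches any path containing that substring, so files such as `.gitlab-ci.yml` or anything under a `.github/` directory are now skipped by detokenization, and the existing `.gitClient` test becomes redundant. Since `DetokenizeDirectory` has the `filepath.WalkFunc` signature and `fi os.FileInfo` is in hand, skip the directory itself instead: `if fi.IsDir() && fi.Name() == ".git" { return filepath.SkipDir }`, keeping the `.gitClient`/`.terraform` checks as they were. `DetokenizeDirectory` continues outside the hunk.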
@@ -68,6 +69,7 @@ func DetokenizeDirectory(path string, fi os.FileInfo, err error) error { awsAccountId := viper.GetString("aws.accountid") kmsKeyId := viper.GetString("vault.kmskeyid") clusterName := viper.GetString("cluster-name") + argocdOidcClientId := viper.GetString(("gitlab.oidc.argocd.applicationid")) newContents = strings.Replace(newContents, "", strings.TrimSpace(botPublicKey), -1) newContents = strings.Replace(newContents, "", bucketStateStore, -1) @@ -84,6 +86,10 @@ func DetokenizeDirectory(path string, fi os.FileInfo, err error) error { } newContents = strings.Replace(newContents, "", clusterName, -1) + if argocdOidcClientId != "" { + newContents = strings.Replace(newContents, "", argocdOidcClientId, -1) + } + if viper.GetBool("create.terraformapplied.gitlab") { newContents = strings.Replace(newContents, "", hostedZoneName, -1) newContents = strings.Replace(newContents, "", region, -1) From bb5745e536a6055c776ab01e40887d91fad073d4 Mon Sep 17 00:00:00 2001 From: Cesar Filho <53096417+6za@users.noreply.github.com> Date: Mon, 18 Jul 2022 15:01:09 -0300 Subject: [PATCH 11/20] Vault unseal tweak 0718 (#121) * allow the retry to work as expected * re-enable dry-run create Signed-off-by: 6za <53096417+6za@users.noreply.github.com> --- cmd/create.go | 6 +++--- cmd/createUtils.go | 14 +++++++++++--- internal/argocd/argocd.go | 19 ++++++++++++++----- internal/gitlab/gitlab.go | 8 ++++---- internal/k8s/kubernetes.go | 4 ++-- 5 files changed, 34 insertions(+), 17 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index 564185436..f3c323a1a 100644 --- a/cmd/create.go +++ b/cmd/create.go 
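Review bot: `viper.GetString(("gitlab.oidc.argocd.applicationid"))` carries a doubled pair of parentheses; `viper.GetString("gitlab.oidc.argocd.applicationid")` is the intended form. As rendered here the search string in the new `strings.Replace(newContents, "", argocdOidcClientId, -1)` — like the neighbouring replacements — is empty, which for `strings.Replace` means inserting the value at every rune boundary; presumably an angle-bracketed placeholder token was stripped in rendering, but it is worth confirming the committed source carries the literal token. `DetokenizeDirectory` starts and ends outside these hunks.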
@@ -162,8 +162,8 @@ to quickly create a Cobra application.`, log.Panicf("error: failed to port-forward to vault in main thread %s", err) } } - loopUntilPodIsReady() - initializeVaultAndAutoUnseal() + loopUntilPodIsReady(dryRun) + initializeVaultAndAutoUnseal(dryRun) informUser(fmt.Sprintf("Vault available at %s", viper.GetString("vault.local.service"))) progressPrinter.IncrementTracker("step-gitlab", 1) @@ -252,7 +252,7 @@ to quickly create a Cobra application.`, viper.Set("gitlab.gitops-pushed", true) viper.WriteConfig() } - if !viper.GetBool("argocd.oidc-patched") { + if !dryRun && !viper.GetBool("argocd.oidc-patched") { cfg := configs.ReadConfig() config, err := clientcmd.BuildConfigFromFlags("", cfg.KubeConfigPath) if err != nil { diff --git a/cmd/createUtils.go b/cmd/createUtils.go index e132d6fb2..f3425ffd1 100644 --- a/cmd/createUtils.go +++ b/cmd/createUtils.go @@ -129,7 +129,11 @@ func waitVaultToBeRunning(dryRun bool) { } } -func loopUntilPodIsReady() { +func loopUntilPodIsReady(dryRun bool) { + if dryRun { + log.Printf("[#99] Dry-run mode, loopUntilPodIsReady skipped.") + return + } x := 50 url := "http://localhost:8200/v1/sys/health" @@ -153,7 +157,7 @@ func loopUntilPodIsReady() { log.Println("vault is availbale but the body is not what is expected ", err) continue } - fmt.Println(string(body)) + log.Println(string(body)) var responseJson map[string]interface{} @@ -196,7 +200,11 @@ type VaultUnsealResponse struct { KeysB64 []string `json:"keys_base64"` } -func initializeVaultAndAutoUnseal() { +func initializeVaultAndAutoUnseal(dryRun bool) { + if dryRun { + log.Printf("[#99] Dry-run mode, initializeVaultAndAutoUnseal skipped.") + return + } url := "http://127.0.0.1:8200/v1/sys/init" payload := strings.NewReader("{\n\t\"stored_shares\": 3,\n\t\"recovery_threshold\": 3,\n\t\"recovery_shares\": 5\n}") diff --git a/internal/argocd/argocd.go b/internal/argocd/argocd.go index c940b8c81..b7078a54f 100644 --- a/internal/argocd/argocd.go 
+++ b/internal/argocd/argocd.go @@ -145,20 +145,26 @@ func GetArgocdAuthToken(dryRun bool) string { x := 3 for i := 0; i < x; i++ { + log.Print("requesting auth token from argocd: attempt %s of %s", i, x) + time.Sleep(1 * time.Second) res, err := client.Do(req) + if err != nil { - log.Panic("error requesting auth token from argocd", err) - } else { - defer res.Body.Close() + log.Print("error requesting auth token from argocd", err) + continue + } else { + defer res.Body.Close() body, err := ioutil.ReadAll(res.Body) if err != nil { - log.Panic("error sending POST request to get argocd auth token :", err) + log.Print("error sending POST request to get argocd auth token:", err) + continue } var dat map[string]interface{} if err := json.Unmarshal(body, &dat); err != nil { - log.Panicf("error unmarshalling %s", err) + log.Print("error unmarshalling %s", err) + continue } token := dat["token"] viper.Set("argocd.admin.apitoken", token) @@ -168,6 +174,9 @@ func GetArgocdAuthToken(dryRun bool) string { return token.(string) } } + log.Panic("Fail to get a token") + // This code is unreacheble, as in absence of token we want to fail the install. + // I kept is to avoid compiler to complain. return "" } diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index 8d2d3d208..b2b4cb887 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go @@ -169,6 +169,10 @@ func AwaitGitlab(dryRun bool) { } func ProduceGitlabTokens(dryRun bool) { + if dryRun { + log.Printf("[#99] Dry-run mode, ProduceGitlabTokens skipped.") + return + } //TODO: Should this step be skipped if already executed? config := configs.ReadConfig() k8sConfig, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) 
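Review bot: `log.Print("requesting auth token from argocd: attempt %s of %s", i, x)` and `log.Print("error unmarshalling %s", err)` pass format verbs to a non-formatting call, so the output is the literal verbs followed by the values (and `go vet` flags it); use `log.Printf("requesting auth token from argocd: attempt %d of %d", i+1, x)` and `log.Printf("error unmarshalling: %s", err)`. The retry still never checks `res.StatusCode`, and `token := dat["token"]` followed by `return token.(string)` in the second hunk panics on a well-formed error reply that has no `token` key, which defeats the new `continue`s; `token, ok := dat["token"].(string)` with `if !ok || token == "" { log.Printf("no token in argocd response, status %d", res.StatusCode); continue }` lets the loop retry. `defer res.Body.Close()` inside the loop holds every body open until the function returns, and the `else` after `continue` is redundant. `GetArgocdAuthToken` starts before the first hunk and its body continues between the two.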
@@ -180,10 +184,6 @@ func ProduceGitlabTokens(dryRun bool) { log.Panic(err.Error()) } log.Println("discovering gitlab toolbox pod") - if dryRun { - log.Printf("[#99] Dry-run mode, ProduceGitlabTokens skipped.") - return - } time.Sleep(30 * time.Second) // todo: move it to config k8s.ArgocdSecretClient = clientset.CoreV1().Secrets("argocd") diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index 987059a8f..fc395aa9b 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go @@ -31,7 +31,7 @@ var ArgocdSecretClient coreV1Types.SecretInterface func GetPodNameByLabel(podsClient coreV1Types.PodInterface, label string) string { pods, err := podsClient.List(context.TODO(), metaV1.ListOptions{LabelSelector: label}) if err != nil { - fmt.Println(err) + log.Println(err) } gitlabToolboxPodName = pods.Items[0].Name @@ -42,7 +42,7 @@ func GetPodNameByLabel(podsClient coreV1Types.PodInterface, label string) string func DeletePodByName(podsClient coreV1Types.PodInterface, podName string) { err := podsClient.Delete(context.TODO(), podName, metaV1.DeleteOptions{}) if err != nil { - fmt.Println(err) + log.Println(err) } } From e4a6df8fa5b9fd4059bdc6e00f34fefedc78cc3f Mon Sep 17 00:00:00 2001 From: johndietz Date: Mon, 18 Jul 2022 15:08:44 -0400 Subject: [PATCH 12/20] adjustments for gitlab takeover --- cmd/create.go | 18 +- cmd/destroy.go | 17 +- internal/argocd/argocd.go | 18 + internal/gitlab/gitlab.go | 1029 +++++++++++++++++++------------------ pkg/keys.go | 28 - 5 files changed, 581 insertions(+), 529 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index 564185436..f3ac43d87 100644 --- a/cmd/create.go +++ b/cmd/create.go @@ -18,6 +18,7 @@ import ( "github.com/kubefirst/kubefirst/internal/softserve" "github.com/kubefirst/kubefirst/internal/terraform" "github.com/kubefirst/kubefirst/internal/vault" + "github.com/kubefirst/kubefirst/pkg" "github.com/spf13/cobra" "github.com/spf13/viper" "k8s.io/client-go/kubernetes" 
@@ -131,6 +132,13 @@ to quickly create a Cobra application.`, token := argocd.GetArgocdAuthToken(dryRun) progressPrinter.IncrementTracker("step-argo", 1) + _, _, err = pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "apply", "-f", fmt.Sprintf("%s/gitops/components/helpers/registry.yaml", config.K1FolderPath)) + if err != nil { + log.Panicf("failed to call execute kubectl apply of argocd patch to adopt gitlab: %s", err) + } + time.Sleep(45 * time.Second) + //TODO: ensure argocd is in a good heathy state before syncing the registry application + informUser("Syncing the registry application") argocd.SyncArgocdApplication(dryRun, "registry", token) progressPrinter.IncrementTracker("step-argo", 1) @@ -282,7 +290,15 @@ to quickly create a Cobra application.`, viper.WriteConfig() } if !viper.GetBool("gitlab.registered") { - informUser("Changing registry to Gitlab") + // informUser("Getting ArgoCD auth token") + // token := argocd.GetArgocdAuthToken(dryRun) + // progressPrinter.IncrementTracker("step-post-gitlab", 1) + + // informUser("Detaching the registry application from softserve") + // argocd.DeleteArgocdApplicationNoCascade(dryRun, "registry", token) + // progressPrinter.IncrementTracker("step-post-gitlab", 1) + + informUser("Adding the registry application registered against gitlab") gitlab.ChangeRegistryToGitLab(dryRun) progressPrinter.IncrementTracker("step-post-gitlab", 1) // todo triage / force apply the contents adjusting diff --git a/cmd/destroy.go b/cmd/destroy.go index 924bbd3ff..c55d1d5e5 100644 --- a/cmd/destroy.go +++ b/cmd/destroy.go @@ -3,6 +3,7 @@ package cmd import ( "bytes" "log" + "os" "os/exec" "syscall" 
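Review bot: `_, _, err = pkg.ExecShellReturnStrings(config.KubectlClientPath, ..., "apply", "-f", ...)` throws away kubectl's stdout and stderr, so the `log.Panicf` on failure reports only the exit error and not why the apply of `registry.yaml` was rejected; capture the second return value and include it in the panic message. The fixed `time.Sleep(45 * time.Second)` is acknowledged by the TODO, but polling the application's health before `SyncArgocdApplication` would make the step deterministic rather than timing-dependent. The second hunk leaves a block of commented-out code above the new `informUser` call that should be deleted rather than kept. The Run function starts and ends outside both hunks.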
@@ -44,14 +45,14 @@ if the registry has already been deleted.`, log.Panic(err) } - // kPortForward := exec.Command(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "gitlab", "port-forward", "svc/gitlab-webservice-default", "8888:8080") - // kPortForward.Stdout = os.Stdout - // kPortForward.Stderr = os.Stderr - // defer kPortForward.Process.Signal(syscall.SIGTERM) - // err = kPortForward.Start() - // if err != nil { - // log.Panicf("error: failed to port-forward to gitlab in main thread %s", err) - // } + kPortForward := exec.Command(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "gitlab", "port-forward", "svc/gitlab-webservice-default", "8888:8080") + kPortForward.Stdout = os.Stdout + kPortForward.Stderr = os.Stderr + defer kPortForward.Process.Signal(syscall.SIGTERM) + err = kPortForward.Start() + if err != nil { + log.Printf("warning: failed to port-forward to gitlab in main thread %s", err) + } var kPortForwardArgocdOutb, kPortForwardArgocdErrb bytes.Buffer kPortForwardArgocd := exec.Command(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "port-forward", "svc/argocd-server", "8080:80") diff --git a/internal/argocd/argocd.go b/internal/argocd/argocd.go index c940b8c81..c4aedc8d4 100644 --- a/internal/argocd/argocd.go +++ b/internal/argocd/argocd.go 
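Review bot: `defer kPortForward.Process.Signal(syscall.SIGTERM)` is registered before `kPortForward.Start()`, and Go evaluates the receiver of a deferred method call at the `defer` statement, so the bound receiver is the nil `Process` that exists before Start — the port-forward never receives SIGTERM, and the deferred call dereferences nil when the function returns, whether or not Start succeeded. Move the line below the error check, e.g. `if err == nil { defer kPortForward.Process.Signal(syscall.SIGTERM) }` after the `log.Printf("warning: ...")` branch. The enclosing Run function starts and ends outside the hunk.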
@@ -188,3 +188,21 @@ func SyncArgocdApplication(dryRun bool, applicationName, argocdAuthToken string) log.Panicf("error: curl appSync failed failed %s", err) } } + +func DeleteArgocdApplicationNoCascade(dryRun bool, applicationName, argocdAuthToken string) { + if dryRun { + log.Printf("[#99] Dry-run mode, SyncArgocdApplication skipped.") + return + } + + // todo need to replace this with a curl wrapper and see if it WORKS + + url := fmt.Sprintf("https://localhost:8080/api/v1/applications/%s?cascade=false", applicationName) + var outb bytes.Buffer + + _, _, err := pkg.ExecShellReturnStrings("curl", "-k", "-L", "-X", "DELETE", url, "-H", fmt.Sprintf("Authorization: Bearer %s", argocdAuthToken)) + log.Println("the value from the curl command to delete registry in argocd is:", outb.String()) + if err != nil { + log.Panicf("error: curl app delete failed %s", err) + } +} diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index 8d2d3d208..7d84c9e5e 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go 
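Review bot: the dry-run branch of `DeleteArgocdApplicationNoCascade` logs `SyncArgocdApplication skipped`, and the value printed afterwards is `outb`, a `bytes.Buffer` nothing ever writes to, while curl's real stdout and stderr are dropped by `_, _, err :=`; the log line is therefore always empty and a failed delete panics without the server's reply. Assuming `pkg.ExecShellReturnStrings` returns stdout and stderr as its first two values, as its name and the existing `_, _, err` callers suggest, the rewrite below logs the actual output and drops the unused buffer (if `bytes` is then unused elsewhere in the file, its import goes too). Note also that the bearer token travels on the curl command line, where it is visible in the process list for the duration of the call; the existing TODO about a curl wrapper is the place to move it into a header sent by an `http.Client`.
```go
func DeleteArgocdApplicationNoCascade(dryRun bool, applicationName, argocdAuthToken string) {
	if dryRun {
		log.Printf("[#99] Dry-run mode, DeleteArgocdApplicationNoCascade skipped.")
		return
	}

	// … unchanged: todo comment and url construction …

	stdout, stderr, err := pkg.ExecShellReturnStrings("curl", "-k", "-L", "-X", "DELETE", url, "-H", fmt.Sprintf("Authorization: Bearer %s", argocdAuthToken))
	log.Println("the value from the curl command to delete registry in argocd is:", stdout)
	if err != nil {
		log.Panicf("error: curl app delete failed %s: %s", err, stderr)
	}
}
```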
@@ -1,396 +1,397 @@ package gitlab import ( - "bytes" - "context" - "crypto/rand" - "crypto/rsa" - "crypto/x509" - b64 "encoding/base64" - "encoding/json" - "encoding/pem" - "fmt" - "html/template" - "log" - "net/http" - "net/url" - "os" - "strings" - "time" - - "github.com/ghodss/yaml" - "github.com/go-git/go-git/v5" - "github.com/go-git/go-git/v5/config" - "github.com/go-git/go-git/v5/plumbing/object" - gitHttp "github.com/go-git/go-git/v5/plumbing/transport/http" - "github.com/google/uuid" - "github.com/kubefirst/kubefirst/configs" - "github.com/kubefirst/kubefirst/internal/k8s" - "github.com/kubefirst/kubefirst/pkg" - "github.com/spf13/viper" - v1 "k8s.io/api/core/v1" - metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/tools/clientcmd" - - "golang.org/x/crypto/ssh" + "bytes" + "context" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + b64 "encoding/base64" + "encoding/json" + "encoding/pem" + "fmt" + "html/template" + "log" + "net/http" + "net/url" + "os" + "strings" + "time" + + "github.com/emirpasic/gods/utils" + "github.com/ghodss/yaml" + "github.com/go-git/go-git/v5" + "github.com/go-git/go-git/v5/config" + "github.com/go-git/go-git/v5/plumbing/object" + gitHttp "github.com/go-git/go-git/v5/plumbing/transport/http" + "github.com/google/uuid" + "github.com/kubefirst/kubefirst/configs" + "github.com/kubefirst/kubefirst/internal/k8s" + "github.com/kubefirst/kubefirst/pkg" + "github.com/spf13/viper" + v1 "k8s.io/api/core/v1" + metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" + + "golang.org/x/crypto/ssh" ) // GenerateKey generate public and private keys to be consumed by GitLab. 
func GenerateKey() (string, string, error) { - reader := rand.Reader - bitSize := 2048 - - key, err := rsa.GenerateKey(reader, bitSize) - if err != nil { - return "", "", err - } - - pub, err := ssh.NewPublicKey(key.Public()) - if err != nil { - return "", "", err - } - publicKey := string(ssh.MarshalAuthorizedKey(pub)) - // encode RSA key - privateKey := string(pem.EncodeToMemory( - &pem.Block{ - Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key), - }, - )) - - return publicKey, privateKey, nil + reader := rand.Reader + bitSize := 2048 + + key, err := rsa.GenerateKey(reader, bitSize) + if err != nil { + return "", "", err + } + + pub, err := ssh.NewPublicKey(key.Public()) + if err != nil { + return "", "", err + } + publicKey := string(ssh.MarshalAuthorizedKey(pub)) + // encode RSA key + privateKey := string(pem.EncodeToMemory( + &pem.Block{ + Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key), + }, + )) + + return publicKey, privateKey, nil } func GitlabGeneratePersonalAccessToken(gitlabPodName string) { - config := configs.ReadConfig() + config := configs.ReadConfig() - log.Println("generating gitlab personal access token on pod: ", gitlabPodName) + log.Println("generating gitlab personal access token on pod: ", gitlabPodName) - id := uuid.New() - gitlabToken := id.String()[:20] + id := uuid.New() + gitlabToken := id.String()[:20] - _, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "gitlab", "exec", gitlabPodName, "--", "gitlab-rails", "runner", fmt.Sprintf("token = User.find_by_username('root').personal_access_tokens.create(scopes: [:write_registry, :write_repository, :api], name: 'Automation token'); token.set_token('%s'); token.save!", gitlabToken)) - if err != nil { - log.Panicf("error running exec against %s to generate gitlab personal access token for root user", gitlabPodName) - } + _, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", 
config.KubeConfigPath, "-n", "gitlab", "exec", gitlabPodName, "--", "gitlab-rails", "runner", fmt.Sprintf("token = User.find_by_username('root').personal_access_tokens.create(scopes: [:write_registry, :write_repository, :api], name: 'Automation token'); token.set_token('%s'); token.save!", gitlabToken)) + if err != nil { + log.Panicf("error running exec against %s to generate gitlab personal access token for root user", gitlabPodName) + } - viper.Set("gitlab.token", gitlabToken) - viper.WriteConfig() + viper.Set("gitlab.token", gitlabToken) + viper.WriteConfig() - log.Println("gitlab personal access token generated", gitlabToken) + log.Println("gitlab personal access token generated", gitlabToken) } func PushGitOpsToGitLab(dryRun bool) { - cfg := configs.ReadConfig() - if dryRun { - log.Printf("[#99] Dry-run mode, PushGitOpsToGitLab skipped.") - return - } - - //TODO: should this step to be skipped if already executed? - domain := viper.GetString("aws.hostedzonename") - - pkg.Detokenize(fmt.Sprintf("%s/gitops", cfg.K1FolderPath)) - directory := fmt.Sprintf("%s/gitops", cfg.K1FolderPath) - - repo, err := git.PlainOpen(directory) - if err != nil { - log.Panicf("error opening the directory %s: %s", directory, err) - } - - upstream := fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", domain) - log.Println("git remote add gitlab at url", upstream) - - _, err = repo.CreateRemote(&config.RemoteConfig{ - Name: "gitlab", - URLs: []string{upstream}, - }) - if err != nil { - log.Println("Error creating remote repo:", err) - } - w, _ := repo.Worktree() - - os.RemoveAll(directory + "/terraform/base/.terraform") - os.RemoveAll(directory + "/terraform/gitlab/.terraform") - os.RemoveAll(directory + "/terraform/vault/.terraform") - - log.Println("Committing new changes...") - w.Add(".") - _, err = w.Commit("setting new remote upstream to gitlab", &git.CommitOptions{ - Author: &object.Signature{ - Name: "kubefirst-bot", - Email: "kubefirst-bot@kubefirst.com", - When: time.Now(), 
- }, - }) - if err != nil { - log.Panicf("error committing changes %s", err) - } - - log.Println("setting auth...") - // auth, _ := publicKey() - // auth.HostKeyCallback = ssh2.InsecureIgnoreHostKey() - - auth := &gitHttp.BasicAuth{ - Username: "root", - Password: viper.GetString("gitlab.token"), - } - - err = repo.Push(&git.PushOptions{ - RemoteName: "gitlab", - Auth: auth, - }) - if err != nil { - log.Panicf("error pushing to remote %s", err) - } + cfg := configs.ReadConfig() + if dryRun { + log.Printf("[#99] Dry-run mode, PushGitOpsToGitLab skipped.") + return + } + + //TODO: should this step to be skipped if already executed? + domain := viper.GetString("aws.hostedzonename") + + pkg.Detokenize(fmt.Sprintf("%s/gitops", cfg.K1FolderPath)) + directory := fmt.Sprintf("%s/gitops", cfg.K1FolderPath) + + repo, err := git.PlainOpen(directory) + if err != nil { + log.Panicf("error opening the directory %s: %s", directory, err) + } + + upstream := fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", domain) + log.Println("git remote add gitlab at url", upstream) + + _, err = repo.CreateRemote(&config.RemoteConfig{ + Name: "gitlab", + URLs: []string{upstream}, + }) + if err != nil { + log.Println("Error creating remote repo:", err) + } + w, _ := repo.Worktree() + + os.RemoveAll(directory + "/terraform/base/.terraform") + os.RemoveAll(directory + "/terraform/gitlab/.terraform") + os.RemoveAll(directory + "/terraform/vault/.terraform") + + log.Println("Committing new changes...") + w.Add(".") + _, err = w.Commit("setting new remote upstream to gitlab", &git.CommitOptions{ + Author: &object.Signature{ + Name: "kubefirst-bot", + Email: "kubefirst-bot@kubefirst.com", + When: time.Now(), + }, + }) + if err != nil { + log.Panicf("error committing changes %s", err) + } + + log.Println("setting auth...") + // auth, _ := publicKey() + // auth.HostKeyCallback = ssh2.InsecureIgnoreHostKey() + + auth := &gitHttp.BasicAuth{ + Username: "root", + Password: 
viper.GetString("gitlab.token"), + } + + err = repo.Push(&git.PushOptions{ + RemoteName: "gitlab", + Auth: auth, + }) + if err != nil { + log.Panicf("error pushing to remote %s", err) + } } func AwaitGitlab(dryRun bool) { - log.Println("AwaitGitlab called") - if dryRun { - log.Printf("[#99] Dry-run mode, AwaitGitlab skipped.") - return - } - max := 200 - for i := 0; i < max; i++ { - hostedZoneName := viper.GetString("aws.hostedzonename") - resp, _ := http.Get(fmt.Sprintf("https://gitlab.%s", hostedZoneName)) - if resp != nil && resp.StatusCode == 200 { - log.Println("gitlab host resolved, 30 second grace period required...") - time.Sleep(time.Second * 30) - i = max - } else { - log.Println("gitlab host not resolved, sleeping 10s") - time.Sleep(time.Second * 10) - } - } + log.Println("AwaitGitlab called") + if dryRun { + log.Printf("[#99] Dry-run mode, AwaitGitlab skipped.") + return + } + max := 200 + for i := 0; i < max; i++ { + hostedZoneName := viper.GetString("aws.hostedzonename") + resp, _ := http.Get(fmt.Sprintf("https://gitlab.%s", hostedZoneName)) + if resp != nil && resp.StatusCode == 200 { + log.Println("gitlab host resolved, 30 second grace period required...") + time.Sleep(time.Second * 30) + i = max + } else { + log.Println("gitlab host not resolved, sleeping 10s") + time.Sleep(time.Second * 10) + } + } } func ProduceGitlabTokens(dryRun bool) { - //TODO: Should this step be skipped if already executed? 
- config := configs.ReadConfig() - k8sConfig, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) - if err != nil { - log.Panic(err.Error()) - } - clientset, err := kubernetes.NewForConfig(k8sConfig) - if err != nil { - log.Panic(err.Error()) - } - log.Println("discovering gitlab toolbox pod") - if dryRun { - log.Printf("[#99] Dry-run mode, ProduceGitlabTokens skipped.") - return - } - time.Sleep(30 * time.Second) - // todo: move it to config - k8s.ArgocdSecretClient = clientset.CoreV1().Secrets("argocd") + //TODO: Should this step be skipped if already executed? + config := configs.ReadConfig() + k8sConfig, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) + if err != nil { + log.Panic(err.Error()) + } + clientset, err := kubernetes.NewForConfig(k8sConfig) + if err != nil { + log.Panic(err.Error()) + } + log.Println("discovering gitlab toolbox pod") + if dryRun { + log.Printf("[#99] Dry-run mode, ProduceGitlabTokens skipped.") + return + } + time.Sleep(30 * time.Second) + // todo: move it to config + k8s.ArgocdSecretClient = clientset.CoreV1().Secrets("argocd") - argocdPassword := k8s.GetSecretValue(k8s.ArgocdSecretClient, "argocd-initial-admin-secret", "password") + argocdPassword := k8s.GetSecretValue(k8s.ArgocdSecretClient, "argocd-initial-admin-secret", "password") - viper.Set("argocd.admin.password", argocdPassword) - viper.WriteConfig() + viper.Set("argocd.admin.password", argocdPassword) + viper.WriteConfig() - log.Println("discovering gitlab toolbox pod") + log.Println("discovering gitlab toolbox pod") - gitlabPodClient := clientset.CoreV1().Pods("gitlab") - gitlabPodName := k8s.GetPodNameByLabel(gitlabPodClient, "app=toolbox") + gitlabPodClient := clientset.CoreV1().Pods("gitlab") + gitlabPodName := k8s.GetPodNameByLabel(gitlabPodClient, "app=toolbox") - k8s.GitlabSecretClient = clientset.CoreV1().Secrets("gitlab") - secrets, err := k8s.GitlabSecretClient.List(context.TODO(), metaV1.ListOptions{}) + k8s.GitlabSecretClient = 
clientset.CoreV1().Secrets("gitlab") + secrets, err := k8s.GitlabSecretClient.List(context.TODO(), metaV1.ListOptions{}) - var gitlabRootPasswordSecretName string + var gitlabRootPasswordSecretName string - for _, secret := range secrets.Items { - if strings.Contains(secret.Name, "initial-root-password") { - gitlabRootPasswordSecretName = secret.Name - log.Println("gitlab initial root password secret name: ", gitlabRootPasswordSecretName) - } - } - gitlabRootPassword := k8s.GetSecretValue(k8s.GitlabSecretClient, gitlabRootPasswordSecretName, "password") + for _, secret := range secrets.Items { + if strings.Contains(secret.Name, "initial-root-password") { + gitlabRootPasswordSecretName = secret.Name + log.Println("gitlab initial root password secret name: ", gitlabRootPasswordSecretName) + } + } + gitlabRootPassword := k8s.GetSecretValue(k8s.GitlabSecretClient, gitlabRootPasswordSecretName, "password") - viper.Set("gitlab.podname", gitlabPodName) - viper.Set("gitlab.root.password", gitlabRootPassword) - viper.WriteConfig() + viper.Set("gitlab.podname", gitlabPodName) + viper.Set("gitlab.root.password", gitlabRootPassword) + viper.WriteConfig() - gitlabToken := viper.GetString("gitlab.token") + gitlabToken := viper.GetString("gitlab.token") - if gitlabToken == "" { + if gitlabToken == "" { - log.Println("generating gitlab personal access token") - GitlabGeneratePersonalAccessToken(gitlabPodName) + log.Println("generating gitlab personal access token") + GitlabGeneratePersonalAccessToken(gitlabPodName) - } + } - gitlabRunnerToken := viper.GetString("gitlab.runnertoken") + gitlabRunnerToken := viper.GetString("gitlab.runnertoken") - if gitlabRunnerToken == "" { + if gitlabRunnerToken == "" { - log.Println("getting gitlab runner token") - gitlabRunnerRegistrationToken := k8s.GetSecretValue(k8s.GitlabSecretClient, "gitlab-gitlab-runner-secret", "runner-registration-token") - viper.Set("gitlab.runnertoken", gitlabRunnerRegistrationToken) - viper.WriteConfig() - } + 
log.Println("getting gitlab runner token") + gitlabRunnerRegistrationToken := k8s.GetSecretValue(k8s.GitlabSecretClient, "gitlab-gitlab-runner-secret", "runner-registration-token") + viper.Set("gitlab.runnertoken", gitlabRunnerRegistrationToken) + viper.WriteConfig() + } } func ApplyGitlabTerraform(dryRun bool, directory string) { - config := configs.ReadConfig() - - if !viper.GetBool("create.terraformapplied.gitlab") { - log.Println("Executing applyGitlabTerraform") - if dryRun { - log.Printf("[#99] Dry-run mode, applyGitlabTerraform skipped.") - return - } - //* AWS_SDK_LOAD_CONFIG=1 - //* https://registry.terraform.io/providers/hashicorp/aws/2.34.0/docs#shared-credentials-file - envs := map[string]string{} - envs["AWS_SDK_LOAD_CONFIG"] = "1" - envs["AWS_PROFILE"] = config.AwsProfile - // Prepare for terraform gitlab execution - envs["GITLAB_TOKEN"] = viper.GetString("gitlab.token") - envs["GITLAB_BASE_URL"] = viper.GetString("gitlab.local.service") - - directory = fmt.Sprintf("%s/gitops/terraform/gitlab", config.K1FolderPath) - err := os.Chdir(directory) - if err != nil { - log.Panic("error: could not change directory to " + directory) - } - err = pkg.ExecShellWithVars(envs, config.TerraformPath, "init") - if err != nil { - log.Panicf("error: terraform init for gitlab failed %s", err) - } - - err = pkg.ExecShellWithVars(envs, config.TerraformPath, "apply", "-auto-approve") - if err != nil { - log.Panicf("error: terraform apply for gitlab failed %s", err) - } - os.RemoveAll(fmt.Sprintf("%s/.terraform", directory)) - viper.Set("create.terraformapplied.gitlab", true) - viper.WriteConfig() - } else { - log.Println("Skipping: applyGitlabTerraform") - } + config := configs.ReadConfig() + + if !viper.GetBool("create.terraformapplied.gitlab") { + log.Println("Executing applyGitlabTerraform") + if dryRun { + log.Printf("[#99] Dry-run mode, applyGitlabTerraform skipped.") + return + } + //* AWS_SDK_LOAD_CONFIG=1 + //* 
https://registry.terraform.io/providers/hashicorp/aws/2.34.0/docs#shared-credentials-file + envs := map[string]string{} + envs["AWS_SDK_LOAD_CONFIG"] = "1" + envs["AWS_PROFILE"] = config.AwsProfile + // Prepare for terraform gitlab execution + envs["GITLAB_TOKEN"] = viper.GetString("gitlab.token") + envs["GITLAB_BASE_URL"] = viper.GetString("gitlab.local.service") + + directory = fmt.Sprintf("%s/gitops/terraform/gitlab", config.K1FolderPath) + err := os.Chdir(directory) + if err != nil { + log.Panic("error: could not change directory to " + directory) + } + err = pkg.ExecShellWithVars(envs, config.TerraformPath, "init") + if err != nil { + log.Panicf("error: terraform init for gitlab failed %s", err) + } + + err = pkg.ExecShellWithVars(envs, config.TerraformPath, "apply", "-auto-approve") + if err != nil { + log.Panicf("error: terraform apply for gitlab failed %s", err) + } + os.RemoveAll(fmt.Sprintf("%s/.terraform", directory)) + viper.Set("create.terraformapplied.gitlab", true) + viper.WriteConfig() + } else { + log.Println("Skipping: applyGitlabTerraform") + } } func GitlabKeyUpload(dryRun bool) { - // upload ssh public key - if !viper.GetBool("gitlab.keyuploaded") { - log.Println("Executing GitlabKeyUpload") - log.Println("uploading ssh public key for gitlab user") - if dryRun { - log.Printf("[#99] Dry-run mode, GitlabKeyUpload skipped.") - return - } - - os.Setenv("AWS_SDK_LOAD_CONFIG", "1") - os.Setenv("AWS_PROFILE", "starter") // todo this is an issue - - log.Println("uploading ssh public key to gitlab") - gitlabToken := viper.GetString("gitlab.token") - data := url.Values{ - "title": {"kubefirst"}, - "key": {viper.GetString("botpublickey")}, - } - - time.Sleep(10 * time.Second) // todo, build in a retry - - gitlabUrlBase := viper.GetString("gitlab.local.service") - - resp, err := http.PostForm(gitlabUrlBase+"/api/v4/user/keys?private_token="+gitlabToken, data) - if err != nil { - log.Fatal(err) - } - var res map[string]interface{} - 
json.NewDecoder(resp.Body).Decode(&res) - log.Println(res) - log.Println("ssh public key uploaded to gitlab") - viper.Set("gitlab.keyuploaded", true) - viper.WriteConfig() - } else { - log.Println("Skipping: GitlabKeyUpload") - log.Println("ssh public key already uploaded to gitlab") - } + // upload ssh public key + if !viper.GetBool("gitlab.keyuploaded") { + log.Println("Executing GitlabKeyUpload") + log.Println("uploading ssh public key for gitlab user") + if dryRun { + log.Printf("[#99] Dry-run mode, GitlabKeyUpload skipped.") + return + } + + os.Setenv("AWS_SDK_LOAD_CONFIG", "1") + os.Setenv("AWS_PROFILE", "starter") // todo this is an issue + + log.Println("uploading ssh public key to gitlab") + gitlabToken := viper.GetString("gitlab.token") + data := url.Values{ + "title": {"kubefirst"}, + "key": {viper.GetString("botpublickey")}, + } + + time.Sleep(10 * time.Second) // todo, build in a retry + + gitlabUrlBase := viper.GetString("gitlab.local.service") + + resp, err := http.PostForm(gitlabUrlBase+"/api/v4/user/keys?private_token="+gitlabToken, data) + if err != nil { + log.Fatal(err) + } + var res map[string]interface{} + json.NewDecoder(resp.Body).Decode(&res) + log.Println(res) + log.Println("ssh public key uploaded to gitlab") + viper.Set("gitlab.keyuploaded", true) + viper.WriteConfig() + } else { + log.Println("Skipping: GitlabKeyUpload") + log.Println("ssh public key already uploaded to gitlab") + } } func DestroyGitlabTerraform(skipGitlabTerraform bool) { - config := configs.ReadConfig() - envs := map[string]string{} - - envs["AWS_REGION"] = viper.GetString("aws.region") - envs["AWS_ACCOUNT_ID"] = viper.GetString("aws.accountid") - envs["HOSTED_ZONE_NAME"] = viper.GetString("aws.hostedzonename") - envs["GITLAB_TOKEN"] = viper.GetString("gitlab.token") - - envs["TF_VAR_aws_account_id"] = viper.GetString("aws.accountid") - envs["TF_VAR_aws_region"] = viper.GetString("aws.region") - envs["TF_VAR_hosted_zone_name"] = viper.GetString("aws.hostedzonename") - 
- directory := fmt.Sprintf("%s/gitops/terraform/gitlab", config.K1FolderPath) - err := os.Chdir(directory) - if err != nil { - log.Panicf("error: could not change directory to " + directory) - } - - envs["GITLAB_BASE_URL"] = viper.GetString("gitlab.local.service") - - if !skipGitlabTerraform { - err = pkg.ExecShellWithVars(envs, config.TerraformPath, "init") - if err != nil { - log.Panicf("failed to terraform init gitlab %s", err) - } - - err = pkg.ExecShellWithVars(envs, config.TerraformPath, "destroy", "-auto-approve") - if err != nil { - log.Panicf("failed to terraform destroy gitlab %s", err) - } - - viper.Set("destroy.terraformdestroy.gitlab", true) - viper.WriteConfig() - } else { - log.Println("skip: DestroyGitlabTerraform") - } + config := configs.ReadConfig() + envs := map[string]string{} + + envs["AWS_REGION"] = viper.GetString("aws.region") + envs["AWS_ACCOUNT_ID"] = viper.GetString("aws.accountid") + envs["HOSTED_ZONE_NAME"] = viper.GetString("aws.hostedzonename") + envs["GITLAB_TOKEN"] = viper.GetString("gitlab.token") + + envs["TF_VAR_aws_account_id"] = viper.GetString("aws.accountid") + envs["TF_VAR_aws_region"] = viper.GetString("aws.region") + envs["TF_VAR_hosted_zone_name"] = viper.GetString("aws.hostedzonename") + + directory := fmt.Sprintf("%s/gitops/terraform/gitlab", config.K1FolderPath) + err := os.Chdir(directory) + if err != nil { + log.Panicf("error: could not change directory to " + directory) + } + + envs["GITLAB_BASE_URL"] = viper.GetString("gitlab.local.service") + + if !skipGitlabTerraform { + err = pkg.ExecShellWithVars(envs, config.TerraformPath, "init") + if err != nil { + log.Panicf("failed to terraform init gitlab %s", err) + } + + err = pkg.ExecShellWithVars(envs, config.TerraformPath, "destroy", "-auto-approve") + if err != nil { + log.Panicf("failed to terraform destroy gitlab %s", err) + } + + viper.Set("destroy.terraformdestroy.gitlab", true) + viper.WriteConfig() + } else { + log.Println("skip: DestroyGitlabTerraform") + } 
} func ChangeRegistryToGitLab(dryRun bool) { - config := configs.ReadConfig() - - if dryRun { - log.Printf("[#99] Dry-run mode, ChangeRegistryToGitLab skipped.") - return - } - - type ArgocdGitCreds struct { - PersonalAccessToken string - URL string - FullURL string - } - - pat := b64.StdEncoding.EncodeToString([]byte(viper.GetString("gitlab.token"))) - url := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/", viper.GetString("aws.hostedzonename")))) - fullurl := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", viper.GetString("aws.hostedzonename")))) - - creds := ArgocdGitCreds{PersonalAccessToken: pat, URL: url, FullURL: fullurl} - - var argocdRepositoryAccessTokenSecret *v1.Secret - k8sConfig, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) - if err != nil { - log.Panicf("error getting client from kubeconfig") - } - clientset, err := kubernetes.NewForConfig(k8sConfig) - if err != nil { - log.Panicf("error getting kubeconfig for clientset") - } - k8s.ArgocdSecretClient = clientset.CoreV1().Secrets("argocd") - - var secrets bytes.Buffer - - c, err := template.New("creds-gitlab").Parse(` + config := configs.ReadConfig() + + if dryRun { + log.Printf("[#99] Dry-run mode, ChangeRegistryToGitLab skipped.") + return + } + + type ArgocdGitCreds struct { + PersonalAccessToken string + URL string + FullURL string + } + + pat := b64.StdEncoding.EncodeToString([]byte(viper.GetString("gitlab.token"))) + url := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/", viper.GetString("aws.hostedzonename")))) + fullurl := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", viper.GetString("aws.hostedzonename")))) + + creds := ArgocdGitCreds{PersonalAccessToken: pat, URL: url, FullURL: fullurl} + + var argocdRepositoryAccessTokenSecret *v1.Secret + k8sConfig, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) + 
if err != nil { + log.Panicf("error getting client from kubeconfig") + } + clientset, err := kubernetes.NewForConfig(k8sConfig) + if err != nil { + log.Panicf("error getting kubeconfig for clientset") + } + k8s.ArgocdSecretClient = clientset.CoreV1().Secrets("argocd") + + var secrets bytes.Buffer + + c, err := template.New("creds-gitlab").Parse(` apiVersion: v1 data: password: {{ .PersonalAccessToken }} @@ -406,24 +407,24 @@ func ChangeRegistryToGitLab(dryRun bool) { namespace: argocd type: Opaque `) - if err := c.Execute(&secrets, creds); err != nil { - log.Panicf("error executing golang template for git repository credentials template %s", err) - } + if err := c.Execute(&secrets, creds); err != nil { + log.Panicf("error executing golang template for git repository credentials template %s", err) + } - ba := []byte(secrets.String()) - err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) - if err != nil { - log.Println("error unmarshalling yaml during argocd repository secret create", err) - } + ba := []byte(secrets.String()) + err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) + if err != nil { + log.Println("error unmarshalling yaml during argocd repository secret create", err) + } - _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) - if err != nil { - log.Panicf("error creating argocd repository credentials template secret %s", err) - } + _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) + if err != nil { + log.Panicf("error creating argocd repository credentials template secret %s", err) + } - var repoSecrets bytes.Buffer + var repoSecrets bytes.Buffer - c, err = template.New("repo-gitlab").Parse(` + c, err = template.New("repo-gitlab").Parse(` apiVersion: v1 data: project: ZGVmYXVsdA== 
@@ -439,161 +440,205 @@ func ChangeRegistryToGitLab(dryRun bool) { namespace: argocd type: Opaque `) - if err := c.Execute(&repoSecrets, creds); err != nil { - log.Panicf("error executing golang template for gitops repository template %s", err) - } + if err := c.Execute(&repoSecrets, creds); err != nil { + log.Panicf("error executing golang template for gitops repository template %s", err) + } - ba = []byte(repoSecrets.String()) - err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) + ba = []byte(repoSecrets.String()) + err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) - _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) - if err != nil { - log.Panicf("error creating argocd repository connection secret %s", err) - } + _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) + if err != nil { + log.Panicf("error creating argocd repository connection secret %s", err) + } - _, _, err = pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "apply", "-f", fmt.Sprintf("%s/gitops/components/gitlab/argocd-adopts-gitlab.yaml", config.K1FolderPath)) - if err != nil { - log.Panicf("failed to call execute kubectl apply of argocd patch to adopt gitlab: %s", err) - } + // curl -X 'DELETE' \ + // 'https://$ARGO_ADDRESS/api/v1/applications/registry?cascade=false' \ + // -H 'accept: application/json' + + + _, _, err = pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "apply", "-f", fmt.Sprintf("%s/gitops/components/gitlab/argocd-adopts-gitlab.yaml", config.K1FolderPath)) + if err != nil { + log.Panicf("failed to call execute kubectl apply of argocd patch to adopt gitlab: %s", err) + } } func HydrateGitlabMetaphorRepo(dryRun bool) { - cfg := configs.ReadConfig() - //TODO: Should this be skipped if already executed? 
- if !viper.GetBool("create.gitlabmetaphor.cloned") { - if dryRun { - log.Printf("[#99] Dry-run mode, hydrateGitlabMetaphorRepo skipped.") - return - } - - metaphorTemplateDir := fmt.Sprintf("%s/metaphor", cfg.K1FolderPath) - - url := "https://github.com/kubefirst/metaphor-template" - - metaphorTemplateRepo, err := git.PlainClone(metaphorTemplateDir, false, &git.CloneOptions{ - URL: url, - }) - if err != nil { - log.Panicf("error cloning metaphor-template repo") - } - viper.Set("create.gitlabmetaphor.cloned", true) - - pkg.Detokenize(metaphorTemplateDir) - - viper.Set("create.gitlabmetaphor.detokenized", true) - - // todo make global - gitlabURL := fmt.Sprintf("https://gitlab.%s", viper.GetString("aws.hostedzonename")) - log.Println("gitClient remote add origin", gitlabURL) - _, err = metaphorTemplateRepo.CreateRemote(&config.RemoteConfig{ - Name: "gitlab", - URLs: []string{fmt.Sprintf("%s/kubefirst/metaphor.gitClient", gitlabURL)}, - }) - - w, _ := metaphorTemplateRepo.Worktree() - - log.Println("Committing detokenized metaphor content") - w.Add(".") - w.Commit("setting new remote upstream to gitlab", &git.CommitOptions{ - Author: &object.Signature{ - Name: "kubefirst-bot", - Email: "kubefirst-bot@kubefirst.com", - When: time.Now(), - }, - }) - - err = metaphorTemplateRepo.Push(&git.PushOptions{ - RemoteName: "gitlab", - Auth: &gitHttp.BasicAuth{ - Username: "root", - Password: viper.GetString("gitlab.token"), - }, - }) - if err != nil { - log.Panicf("error pushing detokenized metaphor repository to remote at" + gitlabURL) - } - - viper.Set("create.gitlabmetaphor.pushed", true) - viper.WriteConfig() - } else { - log.Println("Skipping: hydrateGitlabMetaphorRepo") - } + cfg := configs.ReadConfig() + //TODO: Should this be skipped if already executed? 
+ if !viper.GetBool("create.gitlabmetaphor.cloned") { + if dryRun { + log.Printf("[#99] Dry-run mode, hydrateGitlabMetaphorRepo skipped.") + return + } + + metaphorTemplateDir := fmt.Sprintf("%s/metaphor", cfg.K1FolderPath) + + url := "https://github.com/kubefirst/metaphor-template" + + metaphorTemplateRepo, err := git.PlainClone(metaphorTemplateDir, false, &git.CloneOptions{ + URL: url, + }) + if err != nil { + log.Panicf("error cloning metaphor-template repo") + } + viper.Set("create.gitlabmetaphor.cloned", true) + + pkg.Detokenize(metaphorTemplateDir) + + viper.Set("create.gitlabmetaphor.detokenized", true) + + // todo make global + gitlabURL := fmt.Sprintf("https://gitlab.%s", viper.GetString("aws.hostedzonename")) + log.Println("gitClient remote add origin", gitlabURL) + _, err = metaphorTemplateRepo.CreateRemote(&config.RemoteConfig{ + Name: "gitlab", + URLs: []string{fmt.Sprintf("%s/kubefirst/metaphor.gitClient", gitlabURL)}, + }) + + w, _ := metaphorTemplateRepo.Worktree() + + log.Println("Committing detokenized metaphor content") + w.Add(".") + w.Commit("setting new remote upstream to gitlab", &git.CommitOptions{ + Author: &object.Signature{ + Name: "kubefirst-bot", + Email: "kubefirst-bot@kubefirst.com", + When: time.Now(), + }, + }) + + err = metaphorTemplateRepo.Push(&git.PushOptions{ + RemoteName: "gitlab", + Auth: &gitHttp.BasicAuth{ + Username: "root", + Password: viper.GetString("gitlab.token"), + }, + }) + if err != nil { + log.Panicf("error pushing detokenized metaphor repository to remote at" + gitlabURL) + } + + viper.Set("create.gitlabmetaphor.pushed", true) + viper.WriteConfig() + } else { + log.Println("Skipping: hydrateGitlabMetaphorRepo") + } } // refactor: review it func PushGitRepo(dryRun bool, config *configs.Config, gitOrigin, repoName string) { - if dryRun { - log.Printf("[#99] Dry-run mode, PushGitRepo skipped.") - return - } - repoDir := fmt.Sprintf("%s/%s", config.K1FolderPath, repoName) - repo, err := git.PlainOpen(repoDir) - if 
err != nil { - log.Panicf("error opening repo %s: %s", repoName, err) - } - - // todo - fix opts := &git.PushOptions{uniqe, stuff} .Push(opts) ? - if gitOrigin == "soft" { - pkg.Detokenize(repoDir) - os.RemoveAll(repoDir + "/terraform/base/.terraform") - os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") - os.RemoveAll(repoDir + "/terraform/vault/.terraform") - os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") - os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") - CommitToRepo(repo, repoName) - auth, _ := pkg.PublicKey() - - auth.HostKeyCallback = ssh.InsecureIgnoreHostKey() - - err = repo.Push(&git.PushOptions{ - RemoteName: gitOrigin, - Auth: auth, - }) - if err != nil { - log.Panicf("error pushing detokenized %s repository to remote at %s", repoName, gitOrigin) - } - log.Printf("successfully pushed %s to soft-serve", repoName) - } - - if gitOrigin == "gitlab" { - pkg.Detokenize(repoDir) - os.RemoveAll(repoDir + "/terraform/base/.terraform") - os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") - os.RemoveAll(repoDir + "/terraform/vault/.terraform") - os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") - os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") - CommitToRepo(repo, repoName) - auth := &gitHttp.BasicAuth{ - Username: "root", - Password: viper.GetString("gitlab.token"), - } - err = repo.Push(&git.PushOptions{ - RemoteName: gitOrigin, - Auth: auth, - }) - if err != nil { - log.Panicf("error pushing detokenized %s repository to remote at %s", repoName, gitOrigin) - } - log.Printf("successfully pushed %s to gitlab", repoName) - } - - viper.Set(fmt.Sprintf("create.repos.%s.%s.pushed", gitOrigin, repoName), true) - viper.WriteConfig() + if dryRun { + log.Printf("[#99] Dry-run mode, PushGitRepo skipped.") + return + } + repoDir := fmt.Sprintf("%s/%s", config.K1FolderPath, repoName) + repo, err := git.PlainOpen(repoDir) + if err != nil { + log.Panicf("error opening repo %s: %s", repoName, err) + } + + // todo - fix opts 
:= &git.PushOptions{uniqe, stuff} .Push(opts) ? + if gitOrigin == "soft" { + pkg.Detokenize(repoDir) + os.RemoveAll(repoDir + "/terraform/base/.terraform") + os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") + os.RemoveAll(repoDir + "/terraform/vault/.terraform") + os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") + os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") + CommitToRepo(repo, repoName) + auth, _ := pkg.PublicKey() + + auth.HostKeyCallback = ssh.InsecureIgnoreHostKey() + + err = repo.Push(&git.PushOptions{ + RemoteName: gitOrigin, + Auth: auth, + }) + if err != nil { + log.Panicf("error pushing detokenized %s repository to remote at %s", repoName, gitOrigin) + } + log.Printf("successfully pushed %s to soft-serve", repoName) + } + + if gitOrigin == "gitlab" { + registryFileContent := `apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: argocd-components + namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "100" +spec: + project: default + source: + repoURL: https://gitlab./kubefirst/gitops.git + path: components/argocd + targetRevision: HEAD + destination: + server: https://kubernetes.default.svc + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + retry: + limit: 5 + backoff: + duration: 5s + maxDuration: 5m0s + factor: 2` + file, err := os.Create(fmt.Sprintf("%s/gitops/registry/argocd.yaml", config.K1FolderPath)) + if err != nil { + log.Println(err) + } + _, err = file.WriteString(registryFileContent) + if err != nil { + log.Println(err) + } + + pkg.Detokenize(repoDir) + os.RemoveAll(repoDir + "/terraform/base/.terraform") + os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") + os.RemoveAll(repoDir + "/terraform/vault/.terraform") + os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") + os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") + + + CommitToRepo(repo, repoName) + auth := &gitHttp.BasicAuth{ + Username: 
"root", + Password: viper.GetString("gitlab.token"), + } + err = repo.Push(&git.PushOptions{ + RemoteName: gitOrigin, + Auth: auth, + }) + if err != nil { + log.Panicf("error pushing detokenized %s repository to remote at %s", repoName, gitOrigin) + } + log.Printf("successfully pushed %s to gitlab", repoName) + } + + viper.Set(fmt.Sprintf("create.repos.%s.%s.pushed", gitOrigin, repoName), true) + viper.WriteConfig() } // refactor: review it func CommitToRepo(repo *git.Repository, repoName string) { - w, _ := repo.Worktree() - - log.Println(fmt.Sprintf("committing detokenized %s kms key id", repoName)) - w.Add(".") - w.Commit(fmt.Sprintf("committing detokenized %s kms key id", repoName), &git.CommitOptions{ - Author: &object.Signature{ - Name: "kubefirst-bot", - Email: "kubefirst-bot@kubefirst.com", - When: time.Now(), - }, - }) + w, _ := repo.Worktree() + + log.Println(fmt.Sprintf("committing detokenized %s kms key id", repoName)) + w.Add(".") + w.Commit(fmt.Sprintf("committing detokenized %s kms key id", repoName), &git.CommitOptions{ + Author: &object.Signature{ + Name: "kubefirst-bot", + Email: "kubefirst-bot@kubefirst.com", + When: time.Now(), + }, + }) } diff --git a/pkg/keys.go b/pkg/keys.go index 21c4caf46..3dbae86aa 100644 --- a/pkg/keys.go +++ b/pkg/keys.go 
@@ -32,34 +32,6 @@ func CreateSshKeyPair() {
privateKey := viper.GetString("botprivatekey")
var argocdInitValuesYaml = []byte(fmt.Sprintf(`
-server:
- additionalApplications:
- - name: registry
- namespace: argocd
- additionalLabels: {}
- additionalAnnotations: {}
- finalizers:
- - resources-finalizer.argocd.argoproj.io
- project: default
- source:
- repoURL: ssh://soft-serve.soft-serve.svc.cluster.local:22/gitops
- targetRevision: HEAD
- path: registry
- destination:
- server: https://kubernetes.default.svc
- namespace: argocd
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: 5
- backoff:
- duration: 5s
- maxDuration: 5m0s
- factor: 2
configs:
repositories:
soft-serve-gitops:
From 73c30e67471ca54887d43fa0010586773c21948e Mon Sep 17 00:00:00 2001
From: johndietz
Date: Mon, 18 Jul 2022 15:11:48 -0400
Subject: [PATCH 13/20] unused ref
---
internal/gitlab/gitlab.go | 979 +++++++++++++++++++-------------------
1 file changed, 488 insertions(+), 491 deletions(-)
diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go
index 7744083b1..d8573cd2b 100644
--- a/internal/gitlab/gitlab.go
+++ b/internal/gitlab/gitlab.go
@@ -1,172 +1,171 @@
package gitlab
import (
- "bytes"
- "context"
- "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- b64 "encoding/base64"
- "encoding/json"
- "encoding/pem"
- "fmt"
- "html/template"
- "log"
- "net/http"
- "net/url"
- "os"
- "strings"
- "time"
-
- "github.com/emirpasic/gods/utils"
- "github.com/ghodss/yaml"
- "github.com/go-git/go-git/v5"
- "github.com/go-git/go-git/v5/config"
- "github.com/go-git/go-git/v5/plumbing/object"
- gitHttp "github.com/go-git/go-git/v5/plumbing/transport/http"
- "github.com/google/uuid"
- "github.com/kubefirst/kubefirst/configs"
- "github.com/kubefirst/kubefirst/internal/k8s"
- "github.com/kubefirst/kubefirst/pkg"
- "github.com/spf13/viper"
- v1 "k8s.io/api/core/v1"
- metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/client-go/kubernetes"
- "k8s.io/client-go/tools/clientcmd"
-
- "golang.org/x/crypto/ssh"
+ "bytes"
+ "context"
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ b64 "encoding/base64"
+ "encoding/json"
+ "encoding/pem"
+ "fmt"
+ "html/template"
+ "log"
+ "net/http"
+ "net/url"
+ "os"
+ "strings"
+ "time"
+
+ "github.com/ghodss/yaml"
+ "github.com/go-git/go-git/v5"
+ "github.com/go-git/go-git/v5/config"
+ "github.com/go-git/go-git/v5/plumbing/object"
+ gitHttp "github.com/go-git/go-git/v5/plumbing/transport/http"
+ "github.com/google/uuid"
+ "github.com/kubefirst/kubefirst/configs"
+ "github.com/kubefirst/kubefirst/internal/k8s"
+ "github.com/kubefirst/kubefirst/pkg"
+ "github.com/spf13/viper"
+ v1 "k8s.io/api/core/v1"
+ metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/tools/clientcmd"
+
+ "golang.org/x/crypto/ssh"
)
// GenerateKey generate public and private keys to be consumed by GitLab.
func GenerateKey() (string, string, error) { - reader := rand.Reader - bitSize := 2048 - - key, err := rsa.GenerateKey(reader, bitSize) - if err != nil { - return "", "", err - } - - pub, err := ssh.NewPublicKey(key.Public()) - if err != nil { - return "", "", err - } - publicKey := string(ssh.MarshalAuthorizedKey(pub)) - // encode RSA key - privateKey := string(pem.EncodeToMemory( - &pem.Block{ - Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key), - }, - )) - - return publicKey, privateKey, nil + reader := rand.Reader + bitSize := 2048 + + key, err := rsa.GenerateKey(reader, bitSize) + if err != nil { + return "", "", err + } + + pub, err := ssh.NewPublicKey(key.Public()) + if err != nil { + return "", "", err + } + publicKey := string(ssh.MarshalAuthorizedKey(pub)) + // encode RSA key + privateKey := string(pem.EncodeToMemory( + &pem.Block{ + Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key), + }, + )) + + return publicKey, privateKey, nil } func GitlabGeneratePersonalAccessToken(gitlabPodName string) { - config := configs.ReadConfig() + config := configs.ReadConfig() - log.Println("generating gitlab personal access token on pod: ", gitlabPodName) + log.Println("generating gitlab personal access token on pod: ", gitlabPodName) - id := uuid.New() - gitlabToken := id.String()[:20] + id := uuid.New() + gitlabToken := id.String()[:20] - _, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "gitlab", "exec", gitlabPodName, "--", "gitlab-rails", "runner", fmt.Sprintf("token = User.find_by_username('root').personal_access_tokens.create(scopes: [:write_registry, :write_repository, :api], name: 'Automation token'); token.set_token('%s'); token.save!", gitlabToken)) - if err != nil { - log.Panicf("error running exec against %s to generate gitlab personal access token for root user", gitlabPodName) - } + _, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", 
config.KubeConfigPath, "-n", "gitlab", "exec", gitlabPodName, "--", "gitlab-rails", "runner", fmt.Sprintf("token = User.find_by_username('root').personal_access_tokens.create(scopes: [:write_registry, :write_repository, :api], name: 'Automation token'); token.set_token('%s'); token.save!", gitlabToken)) + if err != nil { + log.Panicf("error running exec against %s to generate gitlab personal access token for root user", gitlabPodName) + } - viper.Set("gitlab.token", gitlabToken) - viper.WriteConfig() + viper.Set("gitlab.token", gitlabToken) + viper.WriteConfig() - log.Println("gitlab personal access token generated", gitlabToken) + log.Println("gitlab personal access token generated", gitlabToken) } func PushGitOpsToGitLab(dryRun bool) { - cfg := configs.ReadConfig() - if dryRun { - log.Printf("[#99] Dry-run mode, PushGitOpsToGitLab skipped.") - return - } - - //TODO: should this step to be skipped if already executed? - domain := viper.GetString("aws.hostedzonename") - - pkg.Detokenize(fmt.Sprintf("%s/gitops", cfg.K1FolderPath)) - directory := fmt.Sprintf("%s/gitops", cfg.K1FolderPath) - - repo, err := git.PlainOpen(directory) - if err != nil { - log.Panicf("error opening the directory %s: %s", directory, err) - } - - upstream := fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", domain) - log.Println("git remote add gitlab at url", upstream) - - _, err = repo.CreateRemote(&config.RemoteConfig{ - Name: "gitlab", - URLs: []string{upstream}, - }) - if err != nil { - log.Println("Error creating remote repo:", err) - } - w, _ := repo.Worktree() - - os.RemoveAll(directory + "/terraform/base/.terraform") - os.RemoveAll(directory + "/terraform/gitlab/.terraform") - os.RemoveAll(directory + "/terraform/vault/.terraform") - - log.Println("Committing new changes...") - w.Add(".") - _, err = w.Commit("setting new remote upstream to gitlab", &git.CommitOptions{ - Author: &object.Signature{ - Name: "kubefirst-bot", - Email: "kubefirst-bot@kubefirst.com", - When: time.Now(), 
- }, - }) - if err != nil { - log.Panicf("error committing changes %s", err) - } - - log.Println("setting auth...") - // auth, _ := publicKey() - // auth.HostKeyCallback = ssh2.InsecureIgnoreHostKey() - - auth := &gitHttp.BasicAuth{ - Username: "root", - Password: viper.GetString("gitlab.token"), - } - - err = repo.Push(&git.PushOptions{ - RemoteName: "gitlab", - Auth: auth, - }) - if err != nil { - log.Panicf("error pushing to remote %s", err) - } + cfg := configs.ReadConfig() + if dryRun { + log.Printf("[#99] Dry-run mode, PushGitOpsToGitLab skipped.") + return + } + + //TODO: should this step to be skipped if already executed? + domain := viper.GetString("aws.hostedzonename") + + pkg.Detokenize(fmt.Sprintf("%s/gitops", cfg.K1FolderPath)) + directory := fmt.Sprintf("%s/gitops", cfg.K1FolderPath) + + repo, err := git.PlainOpen(directory) + if err != nil { + log.Panicf("error opening the directory %s: %s", directory, err) + } + + upstream := fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", domain) + log.Println("git remote add gitlab at url", upstream) + + _, err = repo.CreateRemote(&config.RemoteConfig{ + Name: "gitlab", + URLs: []string{upstream}, + }) + if err != nil { + log.Println("Error creating remote repo:", err) + } + w, _ := repo.Worktree() + + os.RemoveAll(directory + "/terraform/base/.terraform") + os.RemoveAll(directory + "/terraform/gitlab/.terraform") + os.RemoveAll(directory + "/terraform/vault/.terraform") + + log.Println("Committing new changes...") + w.Add(".") + _, err = w.Commit("setting new remote upstream to gitlab", &git.CommitOptions{ + Author: &object.Signature{ + Name: "kubefirst-bot", + Email: "kubefirst-bot@kubefirst.com", + When: time.Now(), + }, + }) + if err != nil { + log.Panicf("error committing changes %s", err) + } + + log.Println("setting auth...") + // auth, _ := publicKey() + // auth.HostKeyCallback = ssh2.InsecureIgnoreHostKey() + + auth := &gitHttp.BasicAuth{ + Username: "root", + Password: 
viper.GetString("gitlab.token"), + } + + err = repo.Push(&git.PushOptions{ + RemoteName: "gitlab", + Auth: auth, + }) + if err != nil { + log.Panicf("error pushing to remote %s", err) + } } func AwaitGitlab(dryRun bool) { - log.Println("AwaitGitlab called") - if dryRun { - log.Printf("[#99] Dry-run mode, AwaitGitlab skipped.") - return - } - max := 200 - for i := 0; i < max; i++ { - hostedZoneName := viper.GetString("aws.hostedzonename") - resp, _ := http.Get(fmt.Sprintf("https://gitlab.%s", hostedZoneName)) - if resp != nil && resp.StatusCode == 200 { - log.Println("gitlab host resolved, 30 second grace period required...") - time.Sleep(time.Second * 30) - i = max - } else { - log.Println("gitlab host not resolved, sleeping 10s") - time.Sleep(time.Second * 10) - } - } + log.Println("AwaitGitlab called") + if dryRun { + log.Printf("[#99] Dry-run mode, AwaitGitlab skipped.") + return + } + max := 200 + for i := 0; i < max; i++ { + hostedZoneName := viper.GetString("aws.hostedzonename") + resp, _ := http.Get(fmt.Sprintf("https://gitlab.%s", hostedZoneName)) + if resp != nil && resp.StatusCode == 200 { + log.Println("gitlab host resolved, 30 second grace period required...") + time.Sleep(time.Second * 30) + i = max + } else { + log.Println("gitlab host not resolved, sleeping 10s") + time.Sleep(time.Second * 10) + } + } } func ProduceGitlabTokens(dryRun bool) { 
@@ -189,209 +188,209 @@ func ProduceGitlabTokens(dryRun bool) { // todo: move it to config k8s.ArgocdSecretClient = clientset.CoreV1().Secrets("argocd") - argocdPassword := k8s.GetSecretValue(k8s.ArgocdSecretClient, "argocd-initial-admin-secret", "password") + argocdPassword := k8s.GetSecretValue(k8s.ArgocdSecretClient, "argocd-initial-admin-secret", "password") - viper.Set("argocd.admin.password", argocdPassword) - viper.WriteConfig() + viper.Set("argocd.admin.password", argocdPassword) + viper.WriteConfig() - log.Println("discovering gitlab toolbox pod") + log.Println("discovering gitlab toolbox pod") - gitlabPodClient := clientset.CoreV1().Pods("gitlab") - gitlabPodName := k8s.GetPodNameByLabel(gitlabPodClient, "app=toolbox") + gitlabPodClient := clientset.CoreV1().Pods("gitlab") + gitlabPodName := k8s.GetPodNameByLabel(gitlabPodClient, "app=toolbox") - k8s.GitlabSecretClient = clientset.CoreV1().Secrets("gitlab") - secrets, err := k8s.GitlabSecretClient.List(context.TODO(), metaV1.ListOptions{}) + k8s.GitlabSecretClient = clientset.CoreV1().Secrets("gitlab") + secrets, err := k8s.GitlabSecretClient.List(context.TODO(), metaV1.ListOptions{}) - var gitlabRootPasswordSecretName string + var gitlabRootPasswordSecretName string - for _, secret := range secrets.Items { - if strings.Contains(secret.Name, "initial-root-password") { - gitlabRootPasswordSecretName = secret.Name - log.Println("gitlab initial root password secret name: ", gitlabRootPasswordSecretName) - } - } - gitlabRootPassword := k8s.GetSecretValue(k8s.GitlabSecretClient, gitlabRootPasswordSecretName, "password") + for _, secret := range secrets.Items { + if strings.Contains(secret.Name, "initial-root-password") { + gitlabRootPasswordSecretName = secret.Name + log.Println("gitlab initial root password secret name: ", gitlabRootPasswordSecretName) + } + } + gitlabRootPassword := k8s.GetSecretValue(k8s.GitlabSecretClient, gitlabRootPasswordSecretName, "password") - viper.Set("gitlab.podname", 
gitlabPodName) - viper.Set("gitlab.root.password", gitlabRootPassword) - viper.WriteConfig() + viper.Set("gitlab.podname", gitlabPodName) + viper.Set("gitlab.root.password", gitlabRootPassword) + viper.WriteConfig() - gitlabToken := viper.GetString("gitlab.token") + gitlabToken := viper.GetString("gitlab.token") - if gitlabToken == "" { + if gitlabToken == "" { - log.Println("generating gitlab personal access token") - GitlabGeneratePersonalAccessToken(gitlabPodName) + log.Println("generating gitlab personal access token") + GitlabGeneratePersonalAccessToken(gitlabPodName) - } + } - gitlabRunnerToken := viper.GetString("gitlab.runnertoken") + gitlabRunnerToken := viper.GetString("gitlab.runnertoken") - if gitlabRunnerToken == "" { + if gitlabRunnerToken == "" { - log.Println("getting gitlab runner token") - gitlabRunnerRegistrationToken := k8s.GetSecretValue(k8s.GitlabSecretClient, "gitlab-gitlab-runner-secret", "runner-registration-token") - viper.Set("gitlab.runnertoken", gitlabRunnerRegistrationToken) - viper.WriteConfig() - } + log.Println("getting gitlab runner token") + gitlabRunnerRegistrationToken := k8s.GetSecretValue(k8s.GitlabSecretClient, "gitlab-gitlab-runner-secret", "runner-registration-token") + viper.Set("gitlab.runnertoken", gitlabRunnerRegistrationToken) + viper.WriteConfig() + } } func ApplyGitlabTerraform(dryRun bool, directory string) { - config := configs.ReadConfig() - - if !viper.GetBool("create.terraformapplied.gitlab") { - log.Println("Executing applyGitlabTerraform") - if dryRun { - log.Printf("[#99] Dry-run mode, applyGitlabTerraform skipped.") - return - } - //* AWS_SDK_LOAD_CONFIG=1 - //* https://registry.terraform.io/providers/hashicorp/aws/2.34.0/docs#shared-credentials-file - envs := map[string]string{} - envs["AWS_SDK_LOAD_CONFIG"] = "1" - envs["AWS_PROFILE"] = config.AwsProfile - // Prepare for terraform gitlab execution - envs["GITLAB_TOKEN"] = viper.GetString("gitlab.token") - envs["GITLAB_BASE_URL"] = 
viper.GetString("gitlab.local.service") - - directory = fmt.Sprintf("%s/gitops/terraform/gitlab", config.K1FolderPath) - err := os.Chdir(directory) - if err != nil { - log.Panic("error: could not change directory to " + directory) - } - err = pkg.ExecShellWithVars(envs, config.TerraformPath, "init") - if err != nil { - log.Panicf("error: terraform init for gitlab failed %s", err) - } - - err = pkg.ExecShellWithVars(envs, config.TerraformPath, "apply", "-auto-approve") - if err != nil { - log.Panicf("error: terraform apply for gitlab failed %s", err) - } - os.RemoveAll(fmt.Sprintf("%s/.terraform", directory)) - viper.Set("create.terraformapplied.gitlab", true) - viper.WriteConfig() - } else { - log.Println("Skipping: applyGitlabTerraform") - } + config := configs.ReadConfig() + + if !viper.GetBool("create.terraformapplied.gitlab") { + log.Println("Executing applyGitlabTerraform") + if dryRun { + log.Printf("[#99] Dry-run mode, applyGitlabTerraform skipped.") + return + } + //* AWS_SDK_LOAD_CONFIG=1 + //* https://registry.terraform.io/providers/hashicorp/aws/2.34.0/docs#shared-credentials-file + envs := map[string]string{} + envs["AWS_SDK_LOAD_CONFIG"] = "1" + envs["AWS_PROFILE"] = config.AwsProfile + // Prepare for terraform gitlab execution + envs["GITLAB_TOKEN"] = viper.GetString("gitlab.token") + envs["GITLAB_BASE_URL"] = viper.GetString("gitlab.local.service") + + directory = fmt.Sprintf("%s/gitops/terraform/gitlab", config.K1FolderPath) + err := os.Chdir(directory) + if err != nil { + log.Panic("error: could not change directory to " + directory) + } + err = pkg.ExecShellWithVars(envs, config.TerraformPath, "init") + if err != nil { + log.Panicf("error: terraform init for gitlab failed %s", err) + } + + err = pkg.ExecShellWithVars(envs, config.TerraformPath, "apply", "-auto-approve") + if err != nil { + log.Panicf("error: terraform apply for gitlab failed %s", err) + } + os.RemoveAll(fmt.Sprintf("%s/.terraform", directory)) + 
viper.Set("create.terraformapplied.gitlab", true) + viper.WriteConfig() + } else { + log.Println("Skipping: applyGitlabTerraform") + } } func GitlabKeyUpload(dryRun bool) { - // upload ssh public key - if !viper.GetBool("gitlab.keyuploaded") { - log.Println("Executing GitlabKeyUpload") - log.Println("uploading ssh public key for gitlab user") - if dryRun { - log.Printf("[#99] Dry-run mode, GitlabKeyUpload skipped.") - return - } - - os.Setenv("AWS_SDK_LOAD_CONFIG", "1") - os.Setenv("AWS_PROFILE", "starter") // todo this is an issue - - log.Println("uploading ssh public key to gitlab") - gitlabToken := viper.GetString("gitlab.token") - data := url.Values{ - "title": {"kubefirst"}, - "key": {viper.GetString("botpublickey")}, - } - - time.Sleep(10 * time.Second) // todo, build in a retry - - gitlabUrlBase := viper.GetString("gitlab.local.service") - - resp, err := http.PostForm(gitlabUrlBase+"/api/v4/user/keys?private_token="+gitlabToken, data) - if err != nil { - log.Fatal(err) - } - var res map[string]interface{} - json.NewDecoder(resp.Body).Decode(&res) - log.Println(res) - log.Println("ssh public key uploaded to gitlab") - viper.Set("gitlab.keyuploaded", true) - viper.WriteConfig() - } else { - log.Println("Skipping: GitlabKeyUpload") - log.Println("ssh public key already uploaded to gitlab") - } + // upload ssh public key + if !viper.GetBool("gitlab.keyuploaded") { + log.Println("Executing GitlabKeyUpload") + log.Println("uploading ssh public key for gitlab user") + if dryRun { + log.Printf("[#99] Dry-run mode, GitlabKeyUpload skipped.") + return + } + + os.Setenv("AWS_SDK_LOAD_CONFIG", "1") + os.Setenv("AWS_PROFILE", "starter") // todo this is an issue + + log.Println("uploading ssh public key to gitlab") + gitlabToken := viper.GetString("gitlab.token") + data := url.Values{ + "title": {"kubefirst"}, + "key": {viper.GetString("botpublickey")}, + } + + time.Sleep(10 * time.Second) // todo, build in a retry + + gitlabUrlBase := 
viper.GetString("gitlab.local.service") + + resp, err := http.PostForm(gitlabUrlBase+"/api/v4/user/keys?private_token="+gitlabToken, data) + if err != nil { + log.Fatal(err) + } + var res map[string]interface{} + json.NewDecoder(resp.Body).Decode(&res) + log.Println(res) + log.Println("ssh public key uploaded to gitlab") + viper.Set("gitlab.keyuploaded", true) + viper.WriteConfig() + } else { + log.Println("Skipping: GitlabKeyUpload") + log.Println("ssh public key already uploaded to gitlab") + } } func DestroyGitlabTerraform(skipGitlabTerraform bool) { - config := configs.ReadConfig() - envs := map[string]string{} - - envs["AWS_REGION"] = viper.GetString("aws.region") - envs["AWS_ACCOUNT_ID"] = viper.GetString("aws.accountid") - envs["HOSTED_ZONE_NAME"] = viper.GetString("aws.hostedzonename") - envs["GITLAB_TOKEN"] = viper.GetString("gitlab.token") - - envs["TF_VAR_aws_account_id"] = viper.GetString("aws.accountid") - envs["TF_VAR_aws_region"] = viper.GetString("aws.region") - envs["TF_VAR_hosted_zone_name"] = viper.GetString("aws.hostedzonename") - - directory := fmt.Sprintf("%s/gitops/terraform/gitlab", config.K1FolderPath) - err := os.Chdir(directory) - if err != nil { - log.Panicf("error: could not change directory to " + directory) - } - - envs["GITLAB_BASE_URL"] = viper.GetString("gitlab.local.service") - - if !skipGitlabTerraform { - err = pkg.ExecShellWithVars(envs, config.TerraformPath, "init") - if err != nil { - log.Panicf("failed to terraform init gitlab %s", err) - } - - err = pkg.ExecShellWithVars(envs, config.TerraformPath, "destroy", "-auto-approve") - if err != nil { - log.Panicf("failed to terraform destroy gitlab %s", err) - } - - viper.Set("destroy.terraformdestroy.gitlab", true) - viper.WriteConfig() - } else { - log.Println("skip: DestroyGitlabTerraform") - } + config := configs.ReadConfig() + envs := map[string]string{} + + envs["AWS_REGION"] = viper.GetString("aws.region") + envs["AWS_ACCOUNT_ID"] = viper.GetString("aws.accountid") + 
envs["HOSTED_ZONE_NAME"] = viper.GetString("aws.hostedzonename") + envs["GITLAB_TOKEN"] = viper.GetString("gitlab.token") + + envs["TF_VAR_aws_account_id"] = viper.GetString("aws.accountid") + envs["TF_VAR_aws_region"] = viper.GetString("aws.region") + envs["TF_VAR_hosted_zone_name"] = viper.GetString("aws.hostedzonename") + + directory := fmt.Sprintf("%s/gitops/terraform/gitlab", config.K1FolderPath) + err := os.Chdir(directory) + if err != nil { + log.Panicf("error: could not change directory to " + directory) + } + + envs["GITLAB_BASE_URL"] = viper.GetString("gitlab.local.service") + + if !skipGitlabTerraform { + err = pkg.ExecShellWithVars(envs, config.TerraformPath, "init") + if err != nil { + log.Panicf("failed to terraform init gitlab %s", err) + } + + err = pkg.ExecShellWithVars(envs, config.TerraformPath, "destroy", "-auto-approve") + if err != nil { + log.Panicf("failed to terraform destroy gitlab %s", err) + } + + viper.Set("destroy.terraformdestroy.gitlab", true) + viper.WriteConfig() + } else { + log.Println("skip: DestroyGitlabTerraform") + } } func ChangeRegistryToGitLab(dryRun bool) { - config := configs.ReadConfig() - - if dryRun { - log.Printf("[#99] Dry-run mode, ChangeRegistryToGitLab skipped.") - return - } - - type ArgocdGitCreds struct { - PersonalAccessToken string - URL string - FullURL string - } - - pat := b64.StdEncoding.EncodeToString([]byte(viper.GetString("gitlab.token"))) - url := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/", viper.GetString("aws.hostedzonename")))) - fullurl := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", viper.GetString("aws.hostedzonename")))) - - creds := ArgocdGitCreds{PersonalAccessToken: pat, URL: url, FullURL: fullurl} - - var argocdRepositoryAccessTokenSecret *v1.Secret - k8sConfig, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) - if err != nil { - log.Panicf("error getting client from kubeconfig") - } - 
clientset, err := kubernetes.NewForConfig(k8sConfig) - if err != nil { - log.Panicf("error getting kubeconfig for clientset") - } - k8s.ArgocdSecretClient = clientset.CoreV1().Secrets("argocd") - - var secrets bytes.Buffer - - c, err := template.New("creds-gitlab").Parse(` + config := configs.ReadConfig() + + if dryRun { + log.Printf("[#99] Dry-run mode, ChangeRegistryToGitLab skipped.") + return + } + + type ArgocdGitCreds struct { + PersonalAccessToken string + URL string + FullURL string + } + + pat := b64.StdEncoding.EncodeToString([]byte(viper.GetString("gitlab.token"))) + url := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/", viper.GetString("aws.hostedzonename")))) + fullurl := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", viper.GetString("aws.hostedzonename")))) + + creds := ArgocdGitCreds{PersonalAccessToken: pat, URL: url, FullURL: fullurl} + + var argocdRepositoryAccessTokenSecret *v1.Secret + k8sConfig, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) + if err != nil { + log.Panicf("error getting client from kubeconfig") + } + clientset, err := kubernetes.NewForConfig(k8sConfig) + if err != nil { + log.Panicf("error getting kubeconfig for clientset") + } + k8s.ArgocdSecretClient = clientset.CoreV1().Secrets("argocd") + + var secrets bytes.Buffer + + c, err := template.New("creds-gitlab").Parse(` apiVersion: v1 data: password: {{ .PersonalAccessToken }} 
@@ -407,24 +406,24 @@ func ChangeRegistryToGitLab(dryRun bool) { namespace: argocd type: Opaque `) - if err := c.Execute(&secrets, creds); err != nil { - log.Panicf("error executing golang template for git repository credentials template %s", err) - } + if err := c.Execute(&secrets, creds); err != nil { + log.Panicf("error executing golang template for git repository credentials template %s", err) + } - ba := []byte(secrets.String()) - err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) - if err != nil { - log.Println("error unmarshalling yaml during argocd repository secret create", err) - } + ba := []byte(secrets.String()) + err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) + if err != nil { + log.Println("error unmarshalling yaml during argocd repository secret create", err) + } - _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) - if err != nil { - log.Panicf("error creating argocd repository credentials template secret %s", err) - } + _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) + if err != nil { + log.Panicf("error creating argocd repository credentials template secret %s", err) + } - var repoSecrets bytes.Buffer + var repoSecrets bytes.Buffer - c, err = template.New("repo-gitlab").Parse(` + c, err = template.New("repo-gitlab").Parse(` apiVersion: v1 data: project: ZGVmYXVsdA== 
@@ -440,131 +439,130 @@ func ChangeRegistryToGitLab(dryRun bool) { namespace: argocd type: Opaque `) - if err := c.Execute(&repoSecrets, creds); err != nil { - log.Panicf("error executing golang template for gitops repository template %s", err) - } - - ba = []byte(repoSecrets.String()) - err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) + if err := c.Execute(&repoSecrets, creds); err != nil { + log.Panicf("error executing golang template for gitops repository template %s", err) + } - _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) - if err != nil { - log.Panicf("error creating argocd repository connection secret %s", err) - } + ba = []byte(repoSecrets.String()) + err = yaml.Unmarshal(ba, &argocdRepositoryAccessTokenSecret) - // curl -X 'DELETE' \ - // 'https://$ARGO_ADDRESS/api/v1/applications/registry?cascade=false' \ - // -H 'accept: application/json' + _, err = k8s.ArgocdSecretClient.Create(context.TODO(), argocdRepositoryAccessTokenSecret, metaV1.CreateOptions{}) + if err != nil { + log.Panicf("error creating argocd repository connection secret %s", err) + } + // curl -X 'DELETE' \ + // 'https://$ARGO_ADDRESS/api/v1/applications/registry?cascade=false' \ + // -H 'accept: application/json' - _, _, err = pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "apply", "-f", fmt.Sprintf("%s/gitops/components/gitlab/argocd-adopts-gitlab.yaml", config.K1FolderPath)) - if err != nil { - log.Panicf("failed to call execute kubectl apply of argocd patch to adopt gitlab: %s", err) - } + _, _, err = pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "apply", "-f", fmt.Sprintf("%s/gitops/components/gitlab/argocd-adopts-gitlab.yaml", config.K1FolderPath)) + if err != nil { + log.Panicf("failed to call execute kubectl apply of argocd patch to adopt gitlab: %s", err) + } } func 
HydrateGitlabMetaphorRepo(dryRun bool) { - cfg := configs.ReadConfig() - //TODO: Should this be skipped if already executed? - if !viper.GetBool("create.gitlabmetaphor.cloned") { - if dryRun { - log.Printf("[#99] Dry-run mode, hydrateGitlabMetaphorRepo skipped.") - return - } - - metaphorTemplateDir := fmt.Sprintf("%s/metaphor", cfg.K1FolderPath) - - url := "https://github.com/kubefirst/metaphor-template" - - metaphorTemplateRepo, err := git.PlainClone(metaphorTemplateDir, false, &git.CloneOptions{ - URL: url, - }) - if err != nil { - log.Panicf("error cloning metaphor-template repo") - } - viper.Set("create.gitlabmetaphor.cloned", true) - - pkg.Detokenize(metaphorTemplateDir) - - viper.Set("create.gitlabmetaphor.detokenized", true) - - // todo make global - gitlabURL := fmt.Sprintf("https://gitlab.%s", viper.GetString("aws.hostedzonename")) - log.Println("gitClient remote add origin", gitlabURL) - _, err = metaphorTemplateRepo.CreateRemote(&config.RemoteConfig{ - Name: "gitlab", - URLs: []string{fmt.Sprintf("%s/kubefirst/metaphor.gitClient", gitlabURL)}, - }) - - w, _ := metaphorTemplateRepo.Worktree() - - log.Println("Committing detokenized metaphor content") - w.Add(".") - w.Commit("setting new remote upstream to gitlab", &git.CommitOptions{ - Author: &object.Signature{ - Name: "kubefirst-bot", - Email: "kubefirst-bot@kubefirst.com", - When: time.Now(), - }, - }) - - err = metaphorTemplateRepo.Push(&git.PushOptions{ - RemoteName: "gitlab", - Auth: &gitHttp.BasicAuth{ - Username: "root", - Password: viper.GetString("gitlab.token"), - }, - }) - if err != nil { - log.Panicf("error pushing detokenized metaphor repository to remote at" + gitlabURL) - } - - viper.Set("create.gitlabmetaphor.pushed", true) - viper.WriteConfig() - } else { - log.Println("Skipping: hydrateGitlabMetaphorRepo") - } + cfg := configs.ReadConfig() + //TODO: Should this be skipped if already executed? 
+ if !viper.GetBool("create.gitlabmetaphor.cloned") { + if dryRun { + log.Printf("[#99] Dry-run mode, hydrateGitlabMetaphorRepo skipped.") + return + } + + metaphorTemplateDir := fmt.Sprintf("%s/metaphor", cfg.K1FolderPath) + + url := "https://github.com/kubefirst/metaphor-template" + + metaphorTemplateRepo, err := git.PlainClone(metaphorTemplateDir, false, &git.CloneOptions{ + URL: url, + }) + if err != nil { + log.Panicf("error cloning metaphor-template repo") + } + viper.Set("create.gitlabmetaphor.cloned", true) + + pkg.Detokenize(metaphorTemplateDir) + + viper.Set("create.gitlabmetaphor.detokenized", true) + + // todo make global + gitlabURL := fmt.Sprintf("https://gitlab.%s", viper.GetString("aws.hostedzonename")) + log.Println("gitClient remote add origin", gitlabURL) + _, err = metaphorTemplateRepo.CreateRemote(&config.RemoteConfig{ + Name: "gitlab", + URLs: []string{fmt.Sprintf("%s/kubefirst/metaphor.gitClient", gitlabURL)}, + }) + + w, _ := metaphorTemplateRepo.Worktree() + + log.Println("Committing detokenized metaphor content") + w.Add(".") + w.Commit("setting new remote upstream to gitlab", &git.CommitOptions{ + Author: &object.Signature{ + Name: "kubefirst-bot", + Email: "kubefirst-bot@kubefirst.com", + When: time.Now(), + }, + }) + + err = metaphorTemplateRepo.Push(&git.PushOptions{ + RemoteName: "gitlab", + Auth: &gitHttp.BasicAuth{ + Username: "root", + Password: viper.GetString("gitlab.token"), + }, + }) + if err != nil { + log.Panicf("error pushing detokenized metaphor repository to remote at" + gitlabURL) + } + + viper.Set("create.gitlabmetaphor.pushed", true) + viper.WriteConfig() + } else { + log.Println("Skipping: hydrateGitlabMetaphorRepo") + } } // refactor: review it func PushGitRepo(dryRun bool, config *configs.Config, gitOrigin, repoName string) { - if dryRun { - log.Printf("[#99] Dry-run mode, PushGitRepo skipped.") - return - } - repoDir := fmt.Sprintf("%s/%s", config.K1FolderPath, repoName) - repo, err := git.PlainOpen(repoDir) - if 
err != nil { - log.Panicf("error opening repo %s: %s", repoName, err) - } - - // todo - fix opts := &git.PushOptions{uniqe, stuff} .Push(opts) ? - if gitOrigin == "soft" { - pkg.Detokenize(repoDir) - os.RemoveAll(repoDir + "/terraform/base/.terraform") - os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") - os.RemoveAll(repoDir + "/terraform/vault/.terraform") - os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") - os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") - CommitToRepo(repo, repoName) - auth, _ := pkg.PublicKey() - - auth.HostKeyCallback = ssh.InsecureIgnoreHostKey() - - err = repo.Push(&git.PushOptions{ - RemoteName: gitOrigin, - Auth: auth, - }) - if err != nil { - log.Panicf("error pushing detokenized %s repository to remote at %s", repoName, gitOrigin) - } - log.Printf("successfully pushed %s to soft-serve", repoName) - } - - if gitOrigin == "gitlab" { - registryFileContent := `apiVersion: argoproj.io/v1alpha1 + if dryRun { + log.Printf("[#99] Dry-run mode, PushGitRepo skipped.") + return + } + repoDir := fmt.Sprintf("%s/%s", config.K1FolderPath, repoName) + repo, err := git.PlainOpen(repoDir) + if err != nil { + log.Panicf("error opening repo %s: %s", repoName, err) + } + + // todo - fix opts := &git.PushOptions{uniqe, stuff} .Push(opts) ? 
+ if gitOrigin == "soft" { + pkg.Detokenize(repoDir) + os.RemoveAll(repoDir + "/terraform/base/.terraform") + os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") + os.RemoveAll(repoDir + "/terraform/vault/.terraform") + os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") + os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") + CommitToRepo(repo, repoName) + auth, _ := pkg.PublicKey() + + auth.HostKeyCallback = ssh.InsecureIgnoreHostKey() + + err = repo.Push(&git.PushOptions{ + RemoteName: gitOrigin, + Auth: auth, + }) + if err != nil { + log.Panicf("error pushing detokenized %s repository to remote at %s", repoName, gitOrigin) + } + log.Printf("successfully pushed %s to soft-serve", repoName) + } + + if gitOrigin == "gitlab" { + registryFileContent := `apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: argocd-components 
@@ -592,53 +590,52 @@ spec: duration: 5s maxDuration: 5m0s factor: 2` - file, err := os.Create(fmt.Sprintf("%s/gitops/registry/argocd.yaml", config.K1FolderPath)) - if err != nil { - log.Println(err) - } - _, err = file.WriteString(registryFileContent) - if err != nil { - log.Println(err) - } - - pkg.Detokenize(repoDir) - os.RemoveAll(repoDir + "/terraform/base/.terraform") - os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") - os.RemoveAll(repoDir + "/terraform/vault/.terraform") - os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") - os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") - - - CommitToRepo(repo, repoName) - auth := &gitHttp.BasicAuth{ - Username: "root", - Password: viper.GetString("gitlab.token"), - } - err = repo.Push(&git.PushOptions{ - RemoteName: gitOrigin, - Auth: auth, - }) - if err != nil { - log.Panicf("error pushing detokenized %s repository to remote at %s", repoName, gitOrigin) - } - log.Printf("successfully pushed %s to gitlab", repoName) - } - - viper.Set(fmt.Sprintf("create.repos.%s.%s.pushed", gitOrigin, repoName), true) - viper.WriteConfig() + file, err := os.Create(fmt.Sprintf("%s/gitops/registry/argocd.yaml", config.K1FolderPath)) + if err != nil { + log.Println(err) + } + _, err = file.WriteString(registryFileContent) + if err != nil { + log.Println(err) + } + + pkg.Detokenize(repoDir) + os.RemoveAll(repoDir + "/terraform/base/.terraform") + os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") + os.RemoveAll(repoDir + "/terraform/vault/.terraform") + os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") + os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") + + CommitToRepo(repo, repoName) + auth := &gitHttp.BasicAuth{ + Username: "root", + Password: viper.GetString("gitlab.token"), + } + err = repo.Push(&git.PushOptions{ + RemoteName: gitOrigin, + Auth: auth, + }) + if err != nil { + log.Panicf("error pushing detokenized %s repository to remote at %s", repoName, gitOrigin) + } + 
log.Printf("successfully pushed %s to gitlab", repoName) + } + + viper.Set(fmt.Sprintf("create.repos.%s.%s.pushed", gitOrigin, repoName), true) + viper.WriteConfig() } // refactor: review it func CommitToRepo(repo *git.Repository, repoName string) { - w, _ := repo.Worktree() - - log.Println(fmt.Sprintf("committing detokenized %s kms key id", repoName)) - w.Add(".") - w.Commit(fmt.Sprintf("committing detokenized %s kms key id", repoName), &git.CommitOptions{ - Author: &object.Signature{ - Name: "kubefirst-bot", - Email: "kubefirst-bot@kubefirst.com", - When: time.Now(), - }, - }) + w, _ := repo.Worktree() + + log.Println(fmt.Sprintf("committing detokenized %s kms key id", repoName)) + w.Add(".") + w.Commit(fmt.Sprintf("committing detokenized %s kms key id", repoName), &git.CommitOptions{ + Author: &object.Signature{ + Name: "kubefirst-bot", + Email: "kubefirst-bot@kubefirst.com", + When: time.Now(), + }, + }) } From a8880b2711748ac155393a4f8786373c12c7d216 Mon Sep 17 00:00:00 2001 From: johndietz Date: Mon, 18 Jul 2022 17:19:54 -0400 Subject: [PATCH 14/20] detokenization games --- internal/gitlab/gitlab.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index d8573cd2b..6a546816e 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go @@ -572,7 +572,7 @@ metadata: spec: project: default source: - repoURL: https://gitlab./kubefirst/gitops.git + repoURL: ssh://soft-serve.soft-serve.svc.cluster.local:22/gitops path: components/argocd targetRevision: HEAD destination: @@ -598,6 +598,7 @@ spec: if err != nil { log.Println(err) } + file.Close() pkg.Detokenize(repoDir) os.RemoveAll(repoDir + "/terraform/base/.terraform") From e3672c47821b0dd3c6a99682117ff5cabb0cbc3f Mon Sep 17 00:00:00 2001 From: johndietz Date: Mon, 18 Jul 2022 18:06:21 -0400 Subject: [PATCH 15/20] add slash to .git/ on detokenize denylist --- pkg/helpers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
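Review bot: The new `repoURL` hardcodes `ssh://soft-serve.soft-serve.svc.cluster.local:22/gitops` into a registry Application that PushGitRepo only writes in its `gitOrigin == "gitlab"` branch, so the file committed and pushed to GitLab tells Argo CD to keep syncing `components/argocd` from soft-serve, and the `creds-gitlab` repository secret created in ChangeRegistryToGitLab (URL `https://gitlab.<zone>/kubefirst/`) presumably will not match it. If that hand-over order is intended (Argo CD stays on soft-serve until the adopt step re-homes it), a comment above the literal should say so, e.g. `// registry still sources from soft-serve; ChangeRegistryToGitLab re-homes it to gitlab`; if the old `https://gitlab./…` URL was only missing its hosted zone, build it with `fmt.Sprintf("https://gitlab.%s/kubefirst/gitops.git", viper.GetString("aws.hostedzonename"))` like the `fullurl` in ChangeRegistryToGitLab. An ssh:// source also requires Argo CD to trust soft-serve's host key, which nothing visible here configures. PushGitRepo begins outside the hunk.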
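Review bot: The added `file.Close()` drops its error and runs even when `os.Create` failed, in which case `file` is nil and `WriteString`/`Close` just return `os.ErrInvalid` while the function goes on to commit and push whatever `registry/argocd.yaml` already holds; a failed close can likewise mean an unflushed file is what `CommitToRepo` picks up. Since every other failure on this path panics, do the same here: `if err != nil { log.Panicf("error writing registry/argocd.yaml: %s", err) }` after `os.Create`, the same check after `WriteString`, and `if err := file.Close(); err != nil { log.Panicf("error closing registry/argocd.yaml: %s", err) }` in place of the bare call. Keeping Close explicit (not deferred) is right here because the commit below must see the flushed file. PushGitRepo begins outside the hunk.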
diff --git a/pkg/helpers.go b/pkg/helpers.go index 6244888bf..a5b8dfd3b 100644 --- a/pkg/helpers.go +++ b/pkg/helpers.go @@ -31,7 +31,7 @@ func DetokenizeDirectory(path string, fi os.FileInfo, err error) error { return nil // } - if strings.Contains(path, ".gitClient") || strings.Contains(path, ".terraform") || strings.Contains(path, ".git") { + if strings.Contains(path, ".gitClient") || strings.Contains(path, ".terraform") || strings.Contains(path, ".git/") { return nil } From e7cc7f877af7f3172b38423d3aa9877d48ab6c2a Mon Sep 17 00:00:00 2001 From: johndietz Date: Mon, 18 Jul 2022 18:11:05 -0400 Subject: [PATCH 16/20] adding registry sync after gitlab gitops registry --- cmd/create.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cmd/create.go b/cmd/create.go index 87af6bbb6..3366b5e7e 100644 --- a/cmd/create.go +++ b/cmd/create.go @@ -303,6 +303,13 @@ to quickly create a Cobra application.`, progressPrinter.IncrementTracker("step-post-gitlab", 1) // todo triage / force apply the contents adjusting // todo kind: Application .repoURL: + + informUser("Getting an argocd auth token") + token := argocd.GetArgocdAuthToken(dryRun) + + informUser("Syncing the registry application") + argocd.SyncArgocdApplication(dryRun, "registry", token) + viper.Set("gitlab.registered", true) viper.WriteConfig() } From ef75bf958357e3a6654f1550683905c13067b322 Mon Sep 17 00:00:00 2001 From: johndietz Date: Mon, 18 Jul 2022 18:25:29 -0400 Subject: [PATCH 17/20] terraform lock removal --- internal/gitlab/gitlab.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index 6a546816e..378f41c99 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go 
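Review bot: The new `.git/` substring still matches anywhere in the path rather than a path component, so a template directory such as `something.git/…` is skipped too, on Windows the separator is `\` and nothing under `.git` is skipped at all, and the `.git` directory entry itself (no trailing slash) no longer matches, so unless the caller filters directories elsewhere the walk now descends into it and tests every object file by substring. Skipping the directory by name stops the descent and covers everything inside it without string matching: `if fi != nil && fi.IsDir() && fi.Name() == ".git" { return filepath.SkipDir }` ahead of the existing check (the `fi != nil` guard matters because the commented-out error handling above suggests `fi` can be nil when `err` is set). The `.gitClient` term looks like a find-and-replace artefact of `.git` → `.gitClient` and could be dropped or explained in a comment. DetokenizeDirectory begins outside the hunk.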
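Review bot: No failure path is visible for the new registry sync: `GetArgocdAuthToken` and `SyncArgocdApplication` return nothing this caller checks, and `viper.Set("gitlab.registered", true)` follows immediately, so a failed token fetch or sync is recorded as success and skipped on the next run. If both helpers panic internally that is acceptable here, but then a comment should say so, e.g. `// both calls panic on failure, so reaching the flag below means the registry is synced`; otherwise have them return an error and set the flag only on success. The Argo CD session token held in `token` is only used for this call and is not persisted, which is the right scope for it. The enclosing step block begins outside the hunk.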
@@ -545,6 +545,8 @@ func PushGitRepo(dryRun bool, config *configs.Config, gitOrigin, repoName string os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") os.RemoveAll(repoDir + "/terraform/vault/.terraform") os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") + os.Remove(repoDir + "/terraform/vault/.terraform.lock.hcl") + os.Remove(repoDir + "/terraform/users/.terraform.lock.hcl") os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") CommitToRepo(repo, repoName) auth, _ := pkg.PublicKey() @@ -605,6 +607,8 @@ spec: os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") os.RemoveAll(repoDir + "/terraform/vault/.terraform") os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") + os.Remove(repoDir + "/terraform/vault/.terraform.lock.hcl") + os.Remove(repoDir + "/terraform/users/.terraform.lock.hcl") os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") CommitToRepo(repo, repoName) From 19d12c9c6b85f7331844563574c963ce43d07d24 Mon Sep 17 00:00:00 2001 From: johndietz Date: Mon, 18 Jul 2022 19:00:07 -0400 Subject: [PATCH 18/20] adding argocd app host check and recycling/resyncing --- cmd/create.go | 22 +++++++++++++++++++--- internal/gitlab/gitlab.go | 12 ++++++------ 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index 3366b5e7e..96384f02f 100644 --- a/cmd/create.go +++ b/cmd/create.go @@ -244,7 +244,7 @@ to quickly create a Cobra application.`, progressPrinter.IncrementTracker("step-post-gitlab", 1) informUser("Waiting for Gitlab dns to propagate before continuing") - gitlab.AwaitGitlab(dryRun) + gitlab.AwaitHost("gitlab", dryRun) progressPrinter.IncrementTracker("step-post-gitlab", 1) informUser("Pushing gitops repo to origin gitlab") 
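Review bot: Deleting `terraform/vault/.terraform.lock.hcl` and `terraform/users/.terraform.lock.hcl` before the commit removes the provider version and checksum pins from the gitops repo, so every later `terraform init` against it — including the `init` then `apply -auto-approve` sequence in ApplyGitlabTerraform — resolves providers unpinned and without hash verification, which is a supply-chain weakening rather than a cleanup. If the files are dropped because they carry only the operator machine's platform hashes, regenerate them for the platforms that run this Terraform (`terraform providers lock -platform=linux_amd64 …`) and commit those instead of deleting; if the deletion is deliberate, say why above these lines, e.g. `// lock files are regenerated in-cluster; the operator's platform-specific hashes must not be committed`. The same deletion is repeated in the gitlab branch below, so one shared helper would keep the two lists from drifting. These lines sit in PushGitRepo, whose start is outside the hunk.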
@@ -304,12 +304,28 @@ to quickly create a Cobra application.`, // todo triage / force apply the contents adjusting // todo kind: Application .repoURL: + informUser("Waiting for argocd host to resolve") + gitlab.AwaitHost("argocd", dryRun) + cfg := configs.ReadConfig() + config, err := clientcmd.BuildConfigFromFlags("", cfg.KubeConfigPath) + if err != nil { + panic(err.Error()) + } + clientset, err := kubernetes.NewForConfig(config) + if err != nil { + panic(err.Error()) + } + argocdPodClient := clientset.CoreV1().Pods("argocd") + argocdPodName := k8s.GetPodNameByLabel(argocdPodClient, "app.kubernetes.io/name=argocd-server") + k8s.DeletePodByName(argocdPodClient, argocdPodName) + waitArgoCDToBeReady(dryRun) + informUser("Getting an argocd auth token") token := argocd.GetArgocdAuthToken(dryRun) - + informUser("Syncing the registry application") argocd.SyncArgocdApplication(dryRun, "registry", token) - + viper.Set("gitlab.registered", true) viper.WriteConfig() } diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index 378f41c99..664e91233 100644 --- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go 
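Review bot: The pod recycle added here does not honour `dryRun`: `gitlab.AwaitHost("argocd", dryRun)` and the two argocd calls take the flag, but `BuildConfigFromFlags`, `GetPodNameByLabel` and `k8s.DeletePodByName` in between do not, so a dry run deletes the live argocd-server pod. Wrap the client construction through `waitArgoCDToBeReady(dryRun)` in `if !dryRun { … }` (a later commit in this series guards the OIDC patch step the same way), and replace the two bare `panic(err.Error())` with `log.Panicf("error building kube client for argocd restart: %s", err)` to match how the rest of this file reports failures. `config` here is a `*rest.Config` that shadows the outer `config` passed to `gitlab.PushGitRepo` as a `*configs.Config`; naming it `restConfig` avoids the confusion. The enclosing step block begins outside the hunk.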
@@ -146,23 +146,23 @@ func PushGitOpsToGitLab(dryRun bool) { } -func AwaitGitlab(dryRun bool) { +func AwaitHost(appName string, dryRun bool) { - log.Println("AwaitGitlab called") + log.Println("AwaitHost called") if dryRun { - log.Printf("[#99] Dry-run mode, AwaitGitlab skipped.") + log.Printf("[#99] Dry-run mode, AwaitHost skipped.") return } max := 200 for i := 0; i < max; i++ { hostedZoneName := viper.GetString("aws.hostedzonename") - resp, _ := http.Get(fmt.Sprintf("https://gitlab.%s", hostedZoneName)) + resp, _ := http.Get(fmt.Sprintf("https://%s.%s", appName, hostedZoneName)) if resp != nil && resp.StatusCode == 200 { - log.Println("gitlab host resolved, 30 second grace period required...") + log.Println(fmt.Printf("%s host resolved, 30 second grace period required...", appName)) time.Sleep(time.Second * 30) i = max } else { - log.Println("gitlab host not resolved, sleeping 10s") + log.Println(fmt.Printf("%s host not resolved, sleeping 10s", appName)) time.Sleep(time.Second * 10) } } From 87ec0d78e918a01ea00e7abbe3837d0b8eafc5ae Mon Sep 17 00:00:00 2001 From: johndietz Date: Mon, 18 Jul 2022 21:37:34 -0400 Subject: [PATCH 19/20] addressinging orchestration issues from last run --- cmd/create.go | 219 +++++++++++++++++++++++++------------------------- 1 file changed, 109 insertions(+), 110 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index 96384f02f..f69f5bf11 100644 --- a/cmd/create.go +++ b/cmd/create.go 
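Review bot: `log.Println(fmt.Printf(...))` on both new log lines is a real bug: `fmt.Printf` writes the message to stdout itself and returns `(n int, err error)`, so the logger records something like `54 <nil>`; `go vet` flags this. While fixing it, the loop also never closes `resp.Body`, uses the default client with no timeout (a blackholed host can stall an iteration far past the intended 10s cadence), and discards the `http.Get` error, which hides why a freshly issued TLS certificate or DNS record is still rejected. The rewrite below keeps the 200-iteration, 10s/30s behaviour and `break`s where the original set `i = max`; the function's closing brace is outside the hunk, so confirm nothing follows the loop.
```go
	// … unchanged: dry-run guard …
	max := 200
	client := &http.Client{Timeout: 10 * time.Second}
	url := fmt.Sprintf("https://%s.%s", appName, viper.GetString("aws.hostedzonename"))
	for i := 0; i < max; i++ {
		resp, err := client.Get(url)
		if err == nil {
			resp.Body.Close()
			if resp.StatusCode == http.StatusOK {
				log.Printf("%s host resolved, 30 second grace period required...", appName)
				time.Sleep(time.Second * 30)
				break
			}
		}
		log.Printf("%s host not resolved (%v), sleeping 10s", appName, err)
		time.Sleep(time.Second * 10)
	}
```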
@@ -210,126 +210,125 @@ to quickly create a Cobra application.`, gitlab.GitlabKeyUpload(dryRun) informUser("Gitlab ready") progressPrinter.IncrementTracker("step-gitlab", 1) + } + if !skipVault { + + progressPrinter.AddTracker("step-vault", "Configure Vault", 4) + informUser("waiting for vault unseal") + /** + + */ + waitVaultToBeRunning(dryRun) + informUser("Vault running") + progressPrinter.IncrementTracker("step-vault", 1) + + waitForVaultUnseal(dryRun, config) + informUser("Vault unseal") + progressPrinter.IncrementTracker("step-vault", 1) + + log.Println("configuring vault") + vault.ConfigureVault(dryRun) + informUser("Vault configured") + progressPrinter.IncrementTracker("step-vault", 1) + + log.Println("creating vault configured secret") + createVaultConfiguredSecret(dryRun, config) + informUser("Vault secret created") + progressPrinter.IncrementTracker("step-vault", 1) + } - if !skipVault { - - progressPrinter.AddTracker("step-vault", "Configure Vault", 4) - informUser("waiting for vault unseal") - /** + if !viper.GetBool("gitlab.oidc-created") { + progressPrinter.AddTracker("step-post-gitlab", "Finalize Gitlab updates", 5) + vault.AddGitlabOidcApplications(dryRun) + informUser("Added Gitlab OIDC") + progressPrinter.IncrementTracker("step-post-gitlab", 1) - */ - waitVaultToBeRunning(dryRun) - informUser("Vault running") - progressPrinter.IncrementTracker("step-vault", 1) + informUser("Waiting for Gitlab dns to propagate before continuing") + gitlab.AwaitHost("gitlab", dryRun) + progressPrinter.IncrementTracker("step-post-gitlab", 1) - waitForVaultUnseal(dryRun, config) - informUser("Vault unseal") - progressPrinter.IncrementTracker("step-vault", 1) + informUser("Pushing gitops repo to origin gitlab") + // refactor: sounds like a new functions, should PushGitOpsToGitLab be renamed/update signature? 
+ viper.Set("gitlab.oidc-created", true) + viper.WriteConfig() + } + if !viper.GetBool("gitlab.gitops-pushed") { + gitlab.PushGitRepo(dryRun, config, "gitlab", "gitops") // todo: need to handle if this was already pushed, errors on failure) + progressPrinter.IncrementTracker("step-post-gitlab", 1) + // todo: keep one of the two git push functions, they're similar, but not exactly the same + //gitlab.PushGitOpsToGitLab(dryRun) + viper.Set("gitlab.gitops-pushed", true) + viper.WriteConfig() + } + if !dryRun && !viper.GetBool("argocd.oidc-patched") { + cfg := configs.ReadConfig() + config, err := clientcmd.BuildConfigFromFlags("", cfg.KubeConfigPath) + if err != nil { + panic(err.Error()) + } + clientset, err := kubernetes.NewForConfig(config) + if err != nil { + panic(err.Error()) + } - log.Println("configuring vault") - vault.ConfigureVault(dryRun) - informUser("Vault configured") - progressPrinter.IncrementTracker("step-vault", 1) + argocdSecretClient = clientset.CoreV1().Secrets("argocd") + patchSecret(argocdSecretClient, "argocd-secret", "oidc.gitlab.clientSecret", viper.GetString("gitlab.oidc.argocd.secret")) - log.Println("creating vault configured secret") - createVaultConfiguredSecret(dryRun, config) - informUser("Vault secret created") - progressPrinter.IncrementTracker("step-vault", 1) + argocdPodClient := clientset.CoreV1().Pods("argocd") + argocdPodName := k8s.GetPodNameByLabel(argocdPodClient, "app.kubernetes.io/name=argocd-server") + k8s.DeletePodByName(argocdPodClient, argocdPodName) + viper.Set("argocd.oidc-patched", true) + viper.WriteConfig() + } + if !viper.GetBool("gitlab.metaphor-pushed") { + informUser("Pushing metaphor repo to origin gitlab") + gitlab.PushGitRepo(dryRun, config, "gitlab", "metaphor") + progressPrinter.IncrementTracker("step-post-gitlab", 1) + // todo: keep one of the two git push functions, they're similar, but not exactly the same + //gitlab.PushGitOpsToGitLab(dryRun) + viper.Set("gitlab.metaphor-pushed", true) + 
viper.WriteConfig() + } + if !viper.GetBool("gitlab.registered") { + // informUser("Getting ArgoCD auth token") + // token := argocd.GetArgocdAuthToken(dryRun) + // progressPrinter.IncrementTracker("step-post-gitlab", 1) + + // informUser("Detaching the registry application from softserve") + // argocd.DeleteArgocdApplicationNoCascade(dryRun, "registry", token) + // progressPrinter.IncrementTracker("step-post-gitlab", 1) + + informUser("Adding the registry application registered against gitlab") + gitlab.ChangeRegistryToGitLab(dryRun) + progressPrinter.IncrementTracker("step-post-gitlab", 1) + // todo triage / force apply the contents adjusting + // todo kind: Application .repoURL: + + // informUser("Waiting for argocd host to resolve") + // gitlab.AwaitHost("argocd", dryRun) + cfg := configs.ReadConfig() + config, err := clientcmd.BuildConfigFromFlags("", cfg.KubeConfigPath) + if err != nil { + panic(err.Error()) } + clientset, err := kubernetes.NewForConfig(config) + if err != nil { + panic(err.Error()) + } + argocdPodClient := clientset.CoreV1().Pods("argocd") + argocdPodName := k8s.GetPodNameByLabel(argocdPodClient, "app.kubernetes.io/name=argocd-server") + k8s.DeletePodByName(argocdPodClient, argocdPodName) + waitArgoCDToBeReady(dryRun) - if !viper.GetBool("gitlab.oidc-created") { - progressPrinter.AddTracker("step-post-gitlab", "Finalize Gitlab updates", 5) - vault.AddGitlabOidcApplications(dryRun) - informUser("Added Gitlab OIDC") - progressPrinter.IncrementTracker("step-post-gitlab", 1) + time.Sleep(time.Second * 30) - informUser("Waiting for Gitlab dns to propagate before continuing") - gitlab.AwaitHost("gitlab", dryRun) - progressPrinter.IncrementTracker("step-post-gitlab", 1) + informUser("Syncing the registry application") + argocd.SyncArgocdApplication(dryRun, "registry", viper.GetString("argocd.admin.apitoken")) - informUser("Pushing gitops repo to origin gitlab") - // refactor: sounds like a new functions, should PushGitOpsToGitLab be renamed/update 
signature? - viper.Set("gitlab.oidc-created", true) - viper.WriteConfig() - } - if !viper.GetBool("gitlab.gitops-pushed") { - gitlab.PushGitRepo(dryRun, config, "gitlab", "gitops") // todo: need to handle if this was already pushed, errors on failure) - progressPrinter.IncrementTracker("step-post-gitlab", 1) - // todo: keep one of the two git push functions, they're similar, but not exactly the same - //gitlab.PushGitOpsToGitLab(dryRun) - viper.Set("gitlab.gitops-pushed", true) - viper.WriteConfig() - } - if !dryRun && !viper.GetBool("argocd.oidc-patched") { - cfg := configs.ReadConfig() - config, err := clientcmd.BuildConfigFromFlags("", cfg.KubeConfigPath) - if err != nil { - panic(err.Error()) - } - clientset, err := kubernetes.NewForConfig(config) - if err != nil { - panic(err.Error()) - } - - argocdSecretClient = clientset.CoreV1().Secrets("argocd") - patchSecret(argocdSecretClient, "argocd-secret", "oidc.gitlab.clientSecret", viper.GetString("gitlab.oidc.argocd.secret")) - - argocdPodClient := clientset.CoreV1().Pods("argocd") - argocdPodName := k8s.GetPodNameByLabel(argocdPodClient, "app.kubernetes.io/name=argocd-server") - k8s.DeletePodByName(argocdPodClient, argocdPodName) - viper.Set("argocd.oidc-patched", true) - viper.WriteConfig() - } - if !viper.GetBool("gitlab.metaphor-pushed") { - informUser("Pushing metaphor repo to origin gitlab") - gitlab.PushGitRepo(dryRun, config, "gitlab", "metaphor") - progressPrinter.IncrementTracker("step-post-gitlab", 1) - // todo: keep one of the two git push functions, they're similar, but not exactly the same - //gitlab.PushGitOpsToGitLab(dryRun) - viper.Set("gitlab.metaphor-pushed", true) - viper.WriteConfig() - } - if !viper.GetBool("gitlab.registered") { - // informUser("Getting ArgoCD auth token") - // token := argocd.GetArgocdAuthToken(dryRun) - // progressPrinter.IncrementTracker("step-post-gitlab", 1) - - // informUser("Detaching the registry application from softserve") - // 
argocd.DeleteArgocdApplicationNoCascade(dryRun, "registry", token) - // progressPrinter.IncrementTracker("step-post-gitlab", 1) - - informUser("Adding the registry application registered against gitlab") - gitlab.ChangeRegistryToGitLab(dryRun) - progressPrinter.IncrementTracker("step-post-gitlab", 1) - // todo triage / force apply the contents adjusting - // todo kind: Application .repoURL: - - informUser("Waiting for argocd host to resolve") - gitlab.AwaitHost("argocd", dryRun) - cfg := configs.ReadConfig() - config, err := clientcmd.BuildConfigFromFlags("", cfg.KubeConfigPath) - if err != nil { - panic(err.Error()) - } - clientset, err := kubernetes.NewForConfig(config) - if err != nil { - panic(err.Error()) - } - argocdPodClient := clientset.CoreV1().Pods("argocd") - argocdPodName := k8s.GetPodNameByLabel(argocdPodClient, "app.kubernetes.io/name=argocd-server") - k8s.DeletePodByName(argocdPodClient, argocdPodName) - waitArgoCDToBeReady(dryRun) - - informUser("Getting an argocd auth token") - token := argocd.GetArgocdAuthToken(dryRun) - - informUser("Syncing the registry application") - argocd.SyncArgocdApplication(dryRun, "registry", token) - - viper.Set("gitlab.registered", true) - viper.WriteConfig() - } + viper.Set("gitlab.registered", true) + viper.WriteConfig() } + sendCompleteInstallTelemetry(dryRun) time.Sleep(time.Millisecond * 100) From 3e6606486a771671283f1644d1a17caed336b92d Mon Sep 17 00:00:00 2001 From: johndietz Date: Tue, 19 Jul 2022 01:18:04 -0400 Subject: [PATCH 20/20] port-forward fix --- cmd/argocdSync.go | 13 +++++++----- cmd/create.go | 53 +++++++++++++++++++++++++++++++++-------------- 2 files changed, 45 insertions(+), 21 deletions(-) diff --git a/cmd/argocdSync.go b/cmd/argocdSync.go index 797806803..38d19605a 100644 --- a/cmd/argocdSync.go +++ b/cmd/argocdSync.go 
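Review bot: `progressPrinter.AddTracker("step-post-gitlab", "Finalize Gitlab updates", 5)` only runs inside `if !viper.GetBool("gitlab.oidc-created")`, yet the `gitops-pushed`, `metaphor-pushed` and `registered` blocks call `progressPrinter.IncrementTracker("step-post-gitlab", 1)` unconditionally, so on a re-run where `gitlab.oidc-created` is already persisted the tracker is incremented without ever being added (what progressPrinter does in that case is not visible here); hoisting the `AddTracker` line above the first of these conditionals fixes the ordering. In the `registered` block the host check is replaced by a bare `time.Sleep(time.Second * 30)` after `waitArgoCDToBeReady`, which neither confirms the new pod answers nor bounds the wait; a readiness poll against the argocd service would be more honest than a fixed delay. The kubeconfig-to-clientset sequence (with `panic(err.Error())` on both errors) appears verbatim in the `oidc-patched` and `registered` blocks and is worth a small helper so the error handling lives in one place. The enclosing Run closure starts and ends outside the hunk.
```go
// newClientset builds a kubernetes clientset from the kubeconfig at path;
// replaces the duplicated BuildConfigFromFlags/NewForConfig sequence.
func newClientset(path string) *kubernetes.Clientset {
	restConfig, err := clientcmd.BuildConfigFromFlags("", path)
	if err != nil {
		log.Panicf("error: building kubeconfig from %s: %s", path, err)
	}
	clientset, err := kubernetes.NewForConfig(restConfig)
	if err != nil {
		log.Panicf("error: creating kubernetes clientset: %s", err)
	}
	return clientset
}
// … unchanged: callers become clientset := newClientset(cfg.KubeConfigPath) …
```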
@@ -1,9 +1,10 @@ package cmd import ( - "github.com/kubefirst/kubefirst/internal/argocd" "log" + "github.com/kubefirst/kubefirst/internal/argocd" + "github.com/spf13/cobra" "github.com/spf13/viper" ) @@ -20,10 +21,12 @@ This application is a tool to generate the needed files to quickly create a Cobra application.`, Run: func(cmd *cobra.Command, args []string) { - dryRun, err := cmd.Flags().GetBool("dry-run") - if err != nil { - log.Panic(err) - } + // dryRun, err := cmd.Flags().GetBool("dry-run") + // if err != nil { + // log.Panic(err) + // } + + dryRun := false log.Println("dry run enabled:", dryRun) diff --git a/cmd/create.go b/cmd/create.go index f69f5bf11..fbc6959f9 100644 --- a/cmd/create.go +++ b/cmd/create.go 
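Review bot: Hardcoding `dryRun := false` with the flag lookup commented out means a user who passes `--dry-run` (assuming the flag is still registered on this command, which is outside the hunk) gets a real sync with no warning, and the following `log.Println("dry run enabled:", dryRun)` will always report false. If `GetBool` was failing, the failure is better surfaced than silenced; either restore `dryRun, err := cmd.Flags().GetBool("dry-run")` with its `log.Panic(err)` check, or remove the commented block together with the flag registration so the command no longer advertises an option it ignores. The import regrouping in the first hunk is fine.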
@@ -105,22 +105,22 @@ to quickly create a Cobra application.`, waitArgoCDToBeReady(dryRun) informUser("ArgoCD Ready") progressPrinter.IncrementTracker("step-argo", 1) - if !dryRun { - var kPortForwardArgocdOutb, kPortForwardArgocdErrb bytes.Buffer - kPortForwardArgocd := exec.Command(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "port-forward", "svc/argocd-server", "8080:80") - kPortForwardArgocd.Stdout = &kPortForwardArgocdOutb - kPortForwardArgocd.Stderr = &kPortForwardArgocdErrb - err = kPortForwardArgocd.Start() - defer kPortForwardArgocd.Process.Signal(syscall.SIGTERM) - if err != nil { - log.Printf("Commad Execution STDOUT: %s", kPortForwardArgocdOutb.String()) - log.Printf("Commad Execution STDERR: %s", kPortForwardArgocdErrb.String()) - log.Panicf("error: failed to port-forward to argocd in main thread %s", err) - } - // log.Println("sleeping for 45 seconds, hurry up jared") - // time.Sleep(45 * time.Second) + var kPortForwardArgocdOutb, kPortForwardArgocdErrb bytes.Buffer + kPortForwardArgocd := exec.Command(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "port-forward", "svc/argocd-server", "8080:80") + kPortForwardArgocd.Stdout = &kPortForwardArgocdOutb + kPortForwardArgocd.Stderr = &kPortForwardArgocdErrb + err = kPortForwardArgocd.Start() + defer kPortForwardArgocd.Process.Signal(syscall.SIGTERM) + if err != nil { + log.Printf("Commad Execution STDOUT: %s", kPortForwardArgocdOutb.String()) + log.Printf("Commad Execution STDERR: %s", kPortForwardArgocdErrb.String()) + log.Panicf("error: failed to port-forward to argocd in main thread %s", err) } + + // log.Println("sleeping for 45 seconds, hurry up jared") + // time.Sleep(45 * time.Second) + informUser(fmt.Sprintf("ArgoCD available at %s", viper.GetString("argocd.local.service"))) progressPrinter.IncrementTracker("step-argo", 1) 
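Review bot: `defer kPortForwardArgocd.Process.Signal(syscall.SIGTERM)` is registered before the `err != nil` check, so when `Start` fails `Process` is nil and the deferred call adds a nil-pointer panic on top of the `log.Panicf` that is already unwinding; move the `defer` below the `if err != nil { ... }` block. The same ordering is added again in the `-317,13 +317,34` hunk of this file. Dropping the `if !dryRun` guard also means a dry run now spawns kubectl against the real kubeconfig and panics when no cluster is reachable, which contradicts what `dryRun` means elsewhere in this command; if the variable needs function scope for the later `Signal` call, declare `var kPortForwardArgocd *exec.Cmd` before the guard and keep the `Start` inside `if !dryRun`. The enclosing Run closure starts and ends outside the hunk.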
@@ -317,13 +317,34 @@ to quickly create a Cobra application.`, } argocdPodClient := clientset.CoreV1().Pods("argocd") argocdPodName := k8s.GetPodNameByLabel(argocdPodClient, "app.kubernetes.io/name=argocd-server") + kPortForwardArgocd.Process.Signal(syscall.SIGTERM) + informUser("deleting argocd-server pod") k8s.DeletePodByName(argocdPodClient, argocdPodName) + informUser("waiting for argocd to be ready") waitArgoCDToBeReady(dryRun) - time.Sleep(time.Second * 30) + informUser("Port forwarding to new argocd-server pod") + if !dryRun { + time.Sleep(time.Second * 20) + var kPortForwardArgocdOutb, kPortForwardArgocdErrb bytes.Buffer + config := configs.ReadConfig() + kPortForwardArgocd := exec.Command(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "port-forward", "svc/argocd-server", "8080:80") + kPortForwardArgocd.Stdout = &kPortForwardArgocdOutb + kPortForwardArgocd.Stderr = &kPortForwardArgocdErrb + err = kPortForwardArgocd.Start() + defer kPortForwardArgocd.Process.Signal(syscall.SIGTERM) + if err != nil { + log.Printf("Commad Execution STDOUT: %s", kPortForwardArgocdOutb.String()) + log.Printf("Commad Execution STDERR: %s", kPortForwardArgocdErrb.String()) + log.Panicf("error: failed to port-forward to argocd in main thread %s", err) + } + log.Println("sleeping for 40 seconds") + time.Sleep(40 * time.Second) + } informUser("Syncing the registry application") - argocd.SyncArgocdApplication(dryRun, "registry", viper.GetString("argocd.admin.apitoken")) + token := argocd.GetArgocdAuthToken(dryRun) + argocd.SyncArgocdApplication(dryRun, "registry", token) viper.Set("gitlab.registered", true) viper.WriteConfig()
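Review bot: The second port-forward is started and then trusted after a fixed `time.Sleep(40 * time.Second)`; `Start` returns as soon as kubectl is spawned, so the `argocd.GetArgocdAuthToken` call that follows races against the tunnel, and 40 seconds is both wasteful on a fast cluster and no guarantee on a slow one. Polling the local ArgoCD endpoint until it answers, bounded by a deadline, would replace both the 20-second and 40-second sleeps. `kPortForwardArgocd.Process.Signal(syscall.SIGTERM)` at the top of the hunk ignores its error, so a port-forward that never started or already exited goes unnoticed right before the pod is deleted; `if err := kPortForwardArgocd.Process.Signal(syscall.SIGTERM); err != nil { log.Printf("stopping argocd port-forward: %s", err) }` keeps it visible. `config := configs.ReadConfig()` inside `if !dryRun` shadows the `config` of the enclosing block, which is presumably still the rest config from `clientcmd.BuildConfigFromFlags` declared above the hunk; reusing the `cfg` name the outer block already uses for the same call avoids the double meaning. The enclosing Run closure starts and ends outside the hunk.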