From 24a8a9c57c5454e75598e96e40e99c8d1035b6d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Fri, 18 Nov 2022 16:31:19 -0300 Subject: [PATCH 01/33] feat: add ingress creation, deletion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- internal/k3d/create.go | 3 +- internal/k8s/kubernetes.go | 97 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+), 1 deletion(-) diff --git a/internal/k3d/create.go b/internal/k3d/create.go index 04a9a6e88..5b1edad54 100644 --- a/internal/k3d/create.go +++ b/internal/k3d/create.go @@ -26,7 +26,8 @@ func CreateK3dCluster() error { "--agents-memory", "1024m", "--registry-create", "k3d-"+viper.GetString("cluster-name")+"-registry:63630", "--k3s-arg", `--kubelet-arg=eviction-hard=imagefs.available<1%,nodefs.available<1%@agent:*`, - "--k3s-arg", `--kubelet-arg=eviction-minimum-reclaim=imagefs.available=1%,nodefs.available=1%@agent:*`) + "--k3s-arg", `--kubelet-arg=eviction-minimum-reclaim=imagefs.available=1%,nodefs.available=1%@agent:*`, + "--port", "80:80@loadbalancer") if err != nil { log.Println("error creating k3d cluster") return errors.New("error creating k3d cluster") diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index 5563d522b..67d040a8e 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go @@ -6,6 +6,7 @@ import ( "encoding/json" "fmt" "io" + networking "k8s.io/api/networking/v1" "log" "net/http" "os" @@ -256,6 +257,7 @@ func WaitForNamespaceandPods(dryRun bool, config *configs.Config, namespace, pod } } +// todo: delete unused function func PatchSecret(k8sClient coreV1Types.SecretInterface, secretName, key, val string) { secret, err := k8sClient.Get(context.TODO(), secretName, metaV1.GetOptions{}) if err != nil { 
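Review bot: The added `"--port", "80:80@loadbalancer"` argument gives no host address, so the load balancer port is published on every host interface and whatever the Ingress routes to becomes reachable from the rest of the network, which is more than a local development cluster needs. k3d accepts a host address in front of the mapping, so `"--port", "127.0.0.1:80:80@loadbalancer"` keeps it on loopback. The same applies to the `443:443@loadbalancer` mapping added in PATCH 07/33. CreateK3dCluster starts and ends outside the hunk.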
@@ -458,3 +460,98 @@ func SetArgocdCreds(dryRun bool) { viper.Set("argocd.admin.username", "admin") viper.WriteConfig() } + +// DeleteIngress receives namespace and name to delete a Ingress object. +// +// Example: +// +// err := k8s.DeleteIngress("default", "simple-go-api") +func DeleteIngress(namespace string, name string) error { + + // todo: method + clientset, err := GetClientSet(false) + if err != nil { + return err + } + + err = clientset.NetworkingV1().Ingresses(namespace).Delete( + context.Background(), + name, + metaV1.DeleteOptions{ + TypeMeta: metaV1.TypeMeta{ + Kind: "Ingress", + }, + }, + ) + if err != nil { + return err + } + + log.Println("Ingress object deleted") + + return nil +} + +// CreateIngress creates a Ingress object based on the provided parameters. +// +// Example: +// +// err := k8s.CreateIngress("default", "simple-go-api", "api.localhost", "simple-go-api-service", 7001) +func CreateIngress(namespace string, name string, host string, serviceName string, port int32) error { + + // todo: method + clientset, err := GetClientSet(false) + if err != nil { + return err + } + + pathPrefix := networking.PathTypePrefix + + ingressConfig := networking.Ingress{ + TypeMeta: metaV1.TypeMeta{ + Kind: "Ingress", + }, + ObjectMeta: metaV1.ObjectMeta{ + Name: name, + Annotations: map[string]string{"ingress.kubernetes.io/ssl-redirect": "false"}, + }, + Spec: networking.IngressSpec{ + Rules: []networking.IngressRule{{ + Host: host, + IngressRuleValue: networking.IngressRuleValue{ + HTTP: &networking.HTTPIngressRuleValue{ + Paths: []networking.HTTPIngressPath{{ + Path: "/", + PathType: &pathPrefix, + Backend: networking.IngressBackend{ + Service: &networking.IngressServiceBackend{ + Name: serviceName, + Port: networking.ServiceBackendPort{ + Number: port, + }, + }, + }, + }}, + }, + }, + }}, + }, + } + + ingressObject, err := clientset.NetworkingV1().Ingresses(namespace).Create( + context.Background(), + &ingressConfig, + metaV1.CreateOptions{ + TypeMeta: 
metaV1.TypeMeta{ + Kind: "Ingress", + }, + }, + ) + if err != nil { + return err + } + + log.Println(ingressObject.Status.String()) + + return nil +} From 537858a1aaf8f5f7574870edfd63ba345c8248bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Fri, 18 Nov 2022 16:34:43 -0300 Subject: [PATCH 02/33] chore: clean up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- internal/k8s/kubernetes.go | 68 +++++++++++++++++++------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index 67d040a8e..45d4b1a07 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go 
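Review bot: CreateIngress hard-codes the annotation `"ingress.kubernetes.io/ssl-redirect": "false"` and builds an `IngressSpec` with no `TLS` entry, so every route created through this helper is served over plain HTTP and the caller has no way to opt into TLS. Since the same commit publishes port 80 on the load balancer, I would accept the TLS secret name as a parameter, fill `Spec.TLS` from it, and disable the redirect only when no secret is given. Both functions call the API with `context.Background()`, so an unresponsive API server blocks the CLI indefinitely; `ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)` followed by `defer cancel()` bounds the call (the 30-second value is only an example). The `TypeMeta{Kind: "Ingress"}` set on `DeleteOptions` and `CreateOptions` describes the options object rather than the resource and can be dropped.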
@@ -461,43 +461,12 @@ func SetArgocdCreds(dryRun bool) { viper.WriteConfig() } -// DeleteIngress receives namespace and name to delete a Ingress object. +// IngressCreate creates a Ingress object based on the provided parameters. // // Example: // -// err := k8s.DeleteIngress("default", "simple-go-api") -func DeleteIngress(namespace string, name string) error { - - // todo: method - clientset, err := GetClientSet(false) - if err != nil { - return err - } - - err = clientset.NetworkingV1().Ingresses(namespace).Delete( - context.Background(), - name, - metaV1.DeleteOptions{ - TypeMeta: metaV1.TypeMeta{ - Kind: "Ingress", - }, - }, - ) - if err != nil { - return err - } - - log.Println("Ingress object deleted") - - return nil -} - -// CreateIngress creates a Ingress object based on the provided parameters. -// -// Example: -// -// err := k8s.CreateIngress("default", "simple-go-api", "api.localhost", "simple-go-api-service", 7001) -func CreateIngress(namespace string, name string, host string, serviceName string, port int32) error { +// err := k8s.IngressCreate("default", "simple-go-api", "api.localhost", "simple-go-api-service", 7001) +func IngressCreate(namespace string, name string, host string, serviceName string, port int32) error { // todo: method clientset, err := GetClientSet(false) 
@@ -555,3 +524,34 @@ func CreateIngress(namespace string, name string, host string, serviceName strin return nil } + +// IngressDelete receives namespace and name to delete a Ingress object. +// +// Example: +// +// err := k8s.IngressDelete("default", "simple-go-api") +func IngressDelete(namespace string, name string) error { + + // todo: method + clientset, err := GetClientSet(false) + if err != nil { + return err + } + + err = clientset.NetworkingV1().Ingresses(namespace).Delete( + context.Background(), + name, + metaV1.DeleteOptions{ + TypeMeta: metaV1.TypeMeta{ + Kind: "Ingress", + }, + }, + ) + if err != nil { + return err + } + + log.Println("Ingress object deleted") + + return nil +} From 203c0ca8c6dd841e54042a35f1050183d21bd9dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Mon, 21 Nov 2022 09:09:21 -0300 Subject: [PATCH 03/33] chore: update how ingress are created, add testing command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/dev.go | 33 ++++++++++ cmd/root.go | 2 + internal/k8s/kubernetes.go | 128 ++++++++++++++++++++++++++++++++++--- 3 files changed, 154 insertions(+), 9 deletions(-) create mode 100644 cmd/dev.go diff --git a/cmd/dev.go b/cmd/dev.go new file mode 100644 index 000000000..4e8c3b449 --- /dev/null +++ b/cmd/dev.go 
@@ -0,0 +1,33 @@ +package cmd + +import ( + "github.com/kubefirst/kubefirst/internal/k8s" + "github.com/spf13/cobra" +) + +func NewDevCommand() *cobra.Command { + devCommand := &cobra.Command{ + Use: "dev", + Short: "", + RunE: runDev, + } + return devCommand +} + +func runDev(cmd *cobra.Command, args []string) error { + + err := k8s.IngressCreate("vault", "vault", 8200) + if err != nil { + return err + } + //err := k8s.IngressDelete("vault", "vault") + //if err != nil { + // return err + //} + //err := k8s.IngressAddRule("default", "k3d-ingress-rules", "vault", 8200) + //if err != nil { + // return err + //} + + return nil +} diff --git a/cmd/root.go b/cmd/root.go index cdc88133b..4f60b3e70 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -43,4 +43,6 @@ func Execute() { func init() { cobra.OnInitialize() rootCmd.AddCommand(local.NewCommand()) + // todo: remove me before merging + rootCmd.AddCommand(NewDevCommand()) } diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index 45d4b1a07..6a94a46e8 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go @@ -465,8 +465,8 @@ func SetArgocdCreds(dryRun bool) { // // Example: // -// err := k8s.IngressCreate("default", "simple-go-api", "api.localhost", "simple-go-api-service", 7001) -func IngressCreate(namespace string, name string, host string, serviceName string, port int32) error { +// err := k8s.IngressCreate("default", "simple-go-api", 7001) +func IngressCreate(namespace string, serviceName string, port int32) error { // todo: method clientset, err := GetClientSet(false) 
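Review bot: NewDevCommand is registered on the root command in cmd/root.go (`rootCmd.AddCommand(NewDevCommand())`, marked "remove me before merging"), so a scratch command that creates an Ingress for Vault ships in the user-facing CLI and acts on whatever cluster GetClientSet resolves. Until it is removed, set `Hidden: true` on the `cobra.Command` and give `Short` a value that says it is developer-only, or put the file behind a build tag so release builds do not contain it. runDev takes no arguments and asks for no confirmation, so a doc comment on it should state that it mutates the currently configured cluster.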
@@ -481,12 +481,12 @@ func IngressCreate(namespace string, name string, host string, serviceName strin Kind: "Ingress", }, ObjectMeta: metaV1.ObjectMeta{ - Name: name, + Name: namespace, Annotations: map[string]string{"ingress.kubernetes.io/ssl-redirect": "false"}, }, Spec: networking.IngressSpec{ Rules: []networking.IngressRule{{ - Host: host, + Host: "vault.localhost", IngressRuleValue: networking.IngressRuleValue{ HTTP: &networking.HTTPIngressRuleValue{ Paths: []networking.HTTPIngressPath{{ @@ -510,11 +510,7 @@ func IngressCreate(namespace string, name string, host string, serviceName strin ingressObject, err := clientset.NetworkingV1().Ingresses(namespace).Create( context.Background(), &ingressConfig, - metaV1.CreateOptions{ - TypeMeta: metaV1.TypeMeta{ - Kind: "Ingress", - }, - }, + metaV1.CreateOptions{}, ) if err != nil { return err 
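Review bot: After this hunk the Ingress is named after the namespace (`Name: namespace`) and the host is fixed to `"vault.localhost"`, although IngressCreate still accepts an arbitrary `serviceName` and `port`; a second call for another service in the same namespace collides on the name, and every call claims the Vault host name. With the unchanged `ssl-redirect: "false"` annotation and no `TLS` entry, the route the dev command creates for Vault on port 8200 is plain HTTP, so tokens sent through it are not protected in transit. Either keep `name` and `host` as parameters, or make the function Vault-specific by name and say so in its doc comment, e.g. `// IngressCreate creates the local, HTTP-only Ingress for Vault on vault.localhost.` IngressDelete still takes a separate `name`, so callers have to know to pass the namespace there. The function body starts and ends outside the hunk.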
@@ -555,3 +551,117 @@ func IngressDelete(namespace string, name string) error { return nil } + +// todo: maybe not necessary / clean up before merging +//func IngressAddRule(namespace string, ingressName string, serviceName string, port int32) error { +// +// // todo: method +// clientset, err := GetClientSet(false) +// if err != nil { +// return err +// } +// +// l, err := clientset.NetworkingV1().Ingresses(namespace).List( +// context.Background(), +// metaV1.ListOptions{ +// TypeMeta: metaV1.TypeMeta{ +// Kind: "Ingress", +// }, +// }, +// ) +// if err != nil { +// return err +// } +// +// pathPrefix := networking.PathTypePrefix +// //ingressConfig := networking.Ingress{ +// // TypeMeta: metaV1.TypeMeta{ +// // Kind: "Ingress", +// // }, +// // ObjectMeta: metaV1.ObjectMeta{ +// // Name: name, +// // Annotations: map[string]string{"ingress.kubernetes.io/ssl-redirect": "false"}, +// // }, +// // Spec: networking.IngressSpec{ +// // Rules: []networking.IngressRule{{ +// // Host: "api.localhost", +// // IngressRuleValue: networking.IngressRuleValue{ +// // HTTP: &networking.HTTPIngressRuleValue{ +// // Paths: []networking.HTTPIngressPath{{ +// // Path: "/", +// // PathType: &pathPrefix, +// // +// // Backend: networking.IngressBackend{ +// // Service: &networking.IngressServiceBackend{ +// // Name: "simple-go-api2", +// // Port: networking.ServiceBackendPort{ +// // Number: 7001, +// // }, +// // }, +// // }, +// // }}, +// // }, +// // }, +// // }}, +// // }, +// //} +// +// var foundIngress *networking.Ingress +// for _, v := range l.Items { +// fmt.Println(v.Name) +// +// if v.Name == ingressName { +// fmt.Println("---debug---") +// fmt.Println("found!") +// fmt.Println("---debug---") +// +// foundIngress = v.DeepCopy() +// break +// } +// } +// +// //foundIngress.TypeMeta = metaV1.TypeMeta{ +// // Kind: "Ingress", +// //} +// //foundIngress.TypeMeta.APIVersion = "Ingress" +// //foundIngress.Name = "new123" +// //foundIngress.UID = 
k8sTypes.UID(uuid.New().String()) +// vaultRules := networking.IngressRule{ +// //Host: "vault.localhost", +// IngressRuleValue: networking.IngressRuleValue{ +// HTTP: &networking.HTTPIngressRuleValue{ +// Paths: []networking.HTTPIngressPath{{ +// Path: "/" + serviceName, +// PathType: &pathPrefix, +// +// Backend: networking.IngressBackend{ +// Service: &networking.IngressServiceBackend{ +// Name: serviceName, +// Port: networking.ServiceBackendPort{ +// Number: 8200, +// }, +// }, +// }, +// }}, +// }, +// }, +// } +// //foundIngress.Spec.Rules[0].Host = "api2.localhost" +// foundIngress.Spec.Rules = append(foundIngress.Spec.Rules, vaultRules) +// +// u, err := clientset.NetworkingV1().Ingresses(namespace).Update( +// context.Background(), +// foundIngress, +// metaV1.UpdateOptions{ +// TypeMeta: metaV1.TypeMeta{ +// Kind: "Ingress", +// }}, +// ) +// if err != nil { +// return err +// } +// +// fmt.Println(u) +// +// return nil +//} From 2cc8f6cfa2a8a5a5f0237a511faf500c561aea1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Mon, 21 Nov 2022 12:04:27 -0300 Subject: [PATCH 04/33] feat: add generic function for secret creation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/dev.go | 84 +++++++++++++++++++++++++++++++++++++- internal/k8s/kubernetes.go | 34 +++++++++++++++ pkg/constants.go | 1 + pkg/helpers.go | 4 +- 4 files changed, 121 insertions(+), 2 deletions(-) diff --git a/cmd/dev.go b/cmd/dev.go index 4e8c3b449..18d6fbbb0 100644 --- a/cmd/dev.go +++ b/cmd/dev.go 
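Review bot: The roughly one hundred lines of commented-out `IngressAddRule` added here should stay out of the tree; version control already keeps the draft. If the function is revived, `foundIngress` is used in `foundIngress.Spec.Rules = append(...)` without a nil check for the case where no Ingress matches `ingressName`, and the backend uses the literal `8200` instead of the `port` parameter.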
@@ -16,10 +16,19 @@ func NewDevCommand() *cobra.Command { func runDev(cmd *cobra.Command, args []string) error { - err := k8s.IngressCreate("vault", "vault", 8200) + data := make(map[string]string) + + data["testing"] = "123" + + err := k8s.CreateMapStringSecret("vault", "vault-tls", data) if err != nil { return err } + + //err := k8s.IngressCreate("vault", "vault", 8200) + //if err != nil { + // return err + //} //err := k8s.IngressDelete("vault", "vault") //if err != nil { // return err 
@@ -29,5 +38,78 @@ func runDev(cmd *cobra.Command, args []string) error { // return err //} + // priv, err := rsa.GenerateKey(rand.Reader, *rsaBits) + //priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + //if err != nil { + // log.Fatal(err) + //} + //template := x509.Certificate{ + // SerialNumber: big.NewInt(1), + // Subject: pkix.Name{ + // Organization: []string{"Kubefirst"}, + // }, + // IsCA: true, + // NotBefore: time.Now(), + // NotAfter: time.Now().Add(time.Hour * 24 * 180), + // + // KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + // ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + // BasicConstraintsValid: true, + //} + + /* + hosts := strings.Split(*host, ",") + for _, h := range hosts { + if ip := net.ParseIP(h); ip != nil { + template.IPAddresses = append(template.IPAddresses, ip) + } else { + template.DNSNames = append(template.DNSNames, h) + } + } + + if *isCA { + template.IsCA = true + template.KeyUsage |= x509.KeyUsageCertSign + } + */ + + //derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) + //if err != nil { + // log.Fatalf("Failed to create certificate: %s", err) + //} + //out := &bytes.Buffer{} + //pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) + //fmt.Println(out.String()) + //out.Reset() + //pem.Encode(out, pemBlockForKey(priv)) + //fmt.Println(out.String()) + // return nil } + +//func publicKey(priv any) any { +// switch k := priv.(type) { +// case *rsa.PrivateKey: +// return &k.PublicKey +// case *ecdsa.PrivateKey: +// return &k.PublicKey +// default: +// return nil +// } +//} +// +//func pemBlockForKey(priv interface{}) *pem.Block { +// switch k := priv.(type) { +// case *rsa.PrivateKey: +// return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)} +// case *ecdsa.PrivateKey: +// b, err := x509.MarshalECPrivateKey(k) +// if err != nil { +// fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private 
key: %v", err) +// os.Exit(2) +// } +// return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b} +// default: +// return nil +// } +//} diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index 6a94a46e8..6bed9924d 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go @@ -6,6 +6,7 @@ import ( "encoding/json" "fmt" "io" + v1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" "log" "net/http" @@ -665,3 +666,36 @@ func IngressDelete(namespace string, name string) error { // // return nil //} + +// CreateMapStringSecret creates a key for a specific namespace. +// +// namespace: namespace where secret will be created +// secretName: secret name to be stored at a Kubernetes object +// data: a single or collection of strings that will be stored as a Kubernetes secret +func CreateMapStringSecret(namespace string, secretName string, data map[string]string) error { + + // todo: method + clientset, err := GetClientSet(false) + if err != nil { + return err + } + + secret := v1.Secret{ + ObjectMeta: metaV1.ObjectMeta{ + Name: secretName, + Namespace: namespace, + }, + StringData: data, + } + + _, err = clientset.CoreV1().Secrets(namespace).Create( + context.Background(), + &secret, + metaV1.CreateOptions{}, + ) + if err != nil { + return err + } + + return nil +} diff --git a/pkg/constants.go b/pkg/constants.go index de4e1e447..d2847ce5d 100644 --- a/pkg/constants.go +++ b/pkg/constants.go @@ -9,6 +9,7 @@ const ( GitHubHost = "github.com" LocalClusterName = "kubefirst" MinimumAvailableDiskSize = 10 // 10 GB + LocalDNS = "localdev.me" ) // SegmentIO constants diff --git a/pkg/helpers.go b/pkg/helpers.go index 45a6b748a..5b63ff9e5 100644 --- a/pkg/helpers.go +++ b/pkg/helpers.go 
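Review bot: CreateMapStringSecret sets no `Type` on the `v1.Secret`, so the object is stored as a generic Opaque secret even when the caller names it `vault-tls`, as the dev command in this commit does; a consumer that is pointed at it for TLS would normally expect `Type: v1.SecretTypeTLS` with the `tls.crt` and `tls.key` entries. `Create` also fails with an AlreadyExists error on a second run, which the caller cannot tell apart from a real failure; checking `apierrors.IsAlreadyExists(err)` (package k8s.io/apimachinery/pkg/api/errors) and updating instead would make the helper re-runnable. The doc comment says the function "creates a key"; `// CreateMapStringSecret creates a Secret named secretName in namespace from data.` describes it accurately. The same points hold after the rename to CreateSecret in PATCH 05/33.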
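Review bot: `LocalDNS = "localdev.me"` makes local installs depend on a public DNS name that, as far as I can tell, this project does not control; host names derived from it only stay on the machine for as long as that zone keeps answering with a loopback address. The constant should carry a comment stating this dependency, e.g. `// LocalDNS is a public wildcard domain expected to resolve to 127.0.0.1; it is not controlled by this project.` A `.localhost` name, already used for `vault.localhost` in this series, avoids the external lookup.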
@@ -267,6 +267,7 @@ func DetokenizeDirectory(path string, fi os.FileInfo, err error) error { newContents = strings.Replace(newContents, "", config.LocalMetaphorProd, -1) newContents = strings.Replace(newContents, "", config.LocalMetaphorGoProd, -1) newContents = strings.Replace(newContents, "", config.LocalMetaphorFrontProd, -1) + newContents = strings.Replace(newContents, "", LocalDNS, -1) } else { newContents = strings.Replace(newContents, "", cloud, -1) newContents = strings.Replace(newContents, "", fmt.Sprintf("https://argo.%s", hostedZoneName), -1) @@ -479,7 +480,8 @@ func AwaitHostNTimes(url string, times int, gracePeriod time.Duration) { // file, newContent is the new content you want to replace. // // Example: -// err := replaceFileContent(vaultMainFile, "http://127.0.0.1:9000", "http://minio.minio.svc.cluster.local:9000") +// +// err := replaceFileContent(vaultMainFile, "http://127.0.0.1:9000", "http://minio.minio.svc.cluster.local:9000") func replaceFileContent(filPath string, oldContent string, newContent string) error { file, err := os.ReadFile(filPath) From 2772440aca1da915c286c5e21a1b05599d9e38c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Mon, 21 Nov 2022 13:55:21 -0300 Subject: [PATCH 05/33] feat: add file load function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/dev.go | 92 +++++++------------------------------- internal/k8s/kubernetes.go | 8 ++-- pkg/helpers.go | 11 +++++ 3 files changed, 31 insertions(+), 80 deletions(-) diff --git a/cmd/dev.go b/cmd/dev.go index 18d6fbbb0..65cace4f2 100644 --- a/cmd/dev.go +++ b/cmd/dev.go @@ -2,6 +2,7 @@ package cmd import ( "github.com/kubefirst/kubefirst/internal/k8s" + "github.com/kubefirst/kubefirst/pkg" "github.com/spf13/cobra" ) 
@@ -16,11 +17,23 @@ func NewDevCommand() *cobra.Command { func runDev(cmd *cobra.Command, args []string) error { - data := make(map[string]string) + // todo: add Thiago's path + privKey, err := pkg.GetFileContent("./cert.pem") + if err != nil { + return err + } + // todo: add Thiago's path + pubKey, err := pkg.GetFileContent("./key.pem") + if err != nil { + return err + } - data["testing"] = "123" + data := map[string][]byte{ + "privKey": privKey, + "pubKey": pubKey, + } - err := k8s.CreateMapStringSecret("vault", "vault-tls", data) + err = k8s.CreateSecret("vault", "vault-tls", data) if err != nil { return err } 
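Review bot: The two secret entries are labelled the wrong way round: `./cert.pem` is read into `privKey` and `./key.pem` into `pubKey`, so the private key is stored under the entry `pubKey` of the `vault-tls` Secret and anything that treats that entry as public material will expose it. Swap the variables and use the entry names a TLS consumer expects, e.g. `data := map[string][]byte{"tls.crt": cert, "tls.key": key}`. Both paths are relative to the working directory, so the command loads whatever `cert.pem` and `key.pem` happen to be there; the todo comments suggest a fixed location is planned, and the code should fail clearly until that is in place.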
@@ -38,78 +51,5 @@ func runDev(cmd *cobra.Command, args []string) error { // return err //} - // priv, err := rsa.GenerateKey(rand.Reader, *rsaBits) - //priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - //if err != nil { - // log.Fatal(err) - //} - //template := x509.Certificate{ - // SerialNumber: big.NewInt(1), - // Subject: pkix.Name{ - // Organization: []string{"Kubefirst"}, - // }, - // IsCA: true, - // NotBefore: time.Now(), - // NotAfter: time.Now().Add(time.Hour * 24 * 180), - // - // KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, - // ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, - // BasicConstraintsValid: true, - //} - - /* - hosts := strings.Split(*host, ",") - for _, h := range hosts { - if ip := net.ParseIP(h); ip != nil { - template.IPAddresses = append(template.IPAddresses, ip) - } else { - template.DNSNames = append(template.DNSNames, h) - } - } - - if *isCA { - template.IsCA = true - template.KeyUsage |= x509.KeyUsageCertSign - } - */ - - //derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) - //if err != nil { - // log.Fatalf("Failed to create certificate: %s", err) - //} - //out := &bytes.Buffer{} - //pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) - //fmt.Println(out.String()) - //out.Reset() - //pem.Encode(out, pemBlockForKey(priv)) - //fmt.Println(out.String()) - // return nil } - -//func publicKey(priv any) any { -// switch k := priv.(type) { -// case *rsa.PrivateKey: -// return &k.PublicKey -// case *ecdsa.PrivateKey: -// return &k.PublicKey -// default: -// return nil -// } -//} -// -//func pemBlockForKey(priv interface{}) *pem.Block { -// switch k := priv.(type) { -// case *rsa.PrivateKey: -// return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)} -// case *ecdsa.PrivateKey: -// b, err := x509.MarshalECPrivateKey(k) -// if err != nil { -// fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private 
key: %v", err) -// os.Exit(2) -// } -// return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b} -// default: -// return nil -// } -//} diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index 6bed9924d..1860f46f0 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go @@ -667,12 +667,12 @@ func IngressDelete(namespace string, name string) error { // return nil //} -// CreateMapStringSecret creates a key for a specific namespace. +// CreateSecret creates a key for a specific namespace. // // namespace: namespace where secret will be created // secretName: secret name to be stored at a Kubernetes object -// data: a single or collection of strings that will be stored as a Kubernetes secret -func CreateMapStringSecret(namespace string, secretName string, data map[string]string) error { +// data: a single or collection of []bytes that will be stored as a Kubernetes secret +func CreateSecret(namespace string, secretName string, data map[string][]byte) error { // todo: method clientset, err := GetClientSet(false) @@ -685,7 +685,7 @@ func CreateMapStringSecret(namespace string, secretName string, data map[string] Name: secretName, Namespace: namespace, }, - StringData: data, + Data: data, } _, err = clientset.CoreV1().Secrets(namespace).Create( diff --git a/pkg/helpers.go b/pkg/helpers.go index 5b63ff9e5..b36fe1154 100644 --- a/pkg/helpers.go +++ b/pkg/helpers.go @@ -654,3 +654,14 @@ func OpenLogFile(path string) (*os.File, error) { } return logFile, nil } + +func GetFileContent(filePath string) ([]byte, error) { + + byteData, err := os.ReadFile(filePath) + if err != nil { + return nil, err + } + + return byteData, nil + +} From 58d514299e394b8a3a7b199aee4fed414b21a2cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 22 Nov 2022 09:15:27 -0300 Subject: [PATCH 06/33] chore: add tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: João Vanzuita --- pkg/helpers.go | 7 ++++- pkg/helpers_test.go | 72 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 1 deletion(-) diff --git a/pkg/helpers.go b/pkg/helpers.go index b36fe1154..0ab1d581e 100644 --- a/pkg/helpers.go +++ b/pkg/helpers.go @@ -655,13 +655,18 @@ func OpenLogFile(path string) (*os.File, error) { return logFile, nil } +// GetFileContent receives a file path, and return its content. func GetFileContent(filePath string) ([]byte, error) { + // check if file exists + if _, err := os.Stat(filePath); err != nil && os.IsNotExist(err) { + return nil, err + } + byteData, err := os.ReadFile(filePath) if err != nil { return nil, err } return byteData, nil - } diff --git a/pkg/helpers_test.go b/pkg/helpers_test.go index 3dfbea763..3adf1e5a5 100644 --- a/pkg/helpers_test.go +++ b/pkg/helpers_test.go 
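Review bot: The added `os.Stat` check in GetFileContent protects nothing: the file can be removed or replaced between the `Stat` and the `os.ReadFile`, and `os.ReadFile` already returns an error that satisfies `os.IsNotExist` for a missing path. Any `Stat` error other than not-exist is also silently skipped by the `&& os.IsNotExist(err)` condition. I would drop the block and keep the single `os.ReadFile` call. Because this helper is used in this series to load `key.pem`, its doc comment should say that it reads the whole file into memory without a size limit and does not check the file's permissions.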
@@ -159,3 +159,75 @@ func TestValidateK1Folder(t *testing.T) { }) } } + +func TestGetFileContent(t *testing.T) { + + file, err := os.CreateTemp("", "testing.txt") + if err != nil { + t.Error(err) + } + defer func(name string) { + err := os.Remove(name) + if err != nil { + t.Error(err) + } + }(file.Name()) + + fileWithContent, err := os.CreateTemp("", "testing-with-content") + if err != nil { + t.Error(err) + } + _, err = fileWithContent.Write([]byte("some-content")) + if err != nil { + t.Error(err) + } + err = fileWithContent.Close() + if err != nil { + t.Error(err) + } + + defer func(name string) { + err := os.Remove(name) + if err != nil { + t.Error(err) + } + }(fileWithContent.Name()) + + tests := []struct { + name string + filePath string + want []byte + wantErr bool + }{ + { + name: "file doesn't exist", + filePath: "non-existent-file.ext", + want: nil, + wantErr: true, + }, + { + name: "file with no content, returns no content", + filePath: file.Name(), + want: []byte(""), + wantErr: false, + }, + { + name: "file with content, returns its content", + filePath: fileWithContent.Name(), + want: []byte("some-content"), + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := GetFileContent(tt.filePath) + if (err != nil) != tt.wantErr { + t.Errorf("GetFileContent() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("GetFileContent() got = %v, want %v", got, tt.want) + } + }) + } +} From 7cd9c3483456fa398e4af9e03096a7a17759b356 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 22 Nov 2022 10:18:37 -0300 Subject: [PATCH 07/33] feat: open 443 port mapping for k3d load balancer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- internal/k3d/create.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
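Review bot: In TestGetFileContent a failing `os.CreateTemp` is reported with `t.Error`, which lets the test continue to `file.Name()` and `fileWithContent.Write` on a nil `*os.File`; use `t.Fatal(err)` at those two places. The first temp file is never closed, and the missing-file case uses the relative path `non-existent-file.ext`, so its outcome depends on the working directory. `dir := t.TempDir()` with `filepath.Join(dir, "missing")` gives a path that is guaranteed not to exist and removes the need for the two deferred `os.Remove` calls.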
diff --git a/internal/k3d/create.go b/internal/k3d/create.go index 5b1edad54..7081e1b73 100644 --- a/internal/k3d/create.go +++ b/internal/k3d/create.go @@ -27,7 +27,8 @@ func CreateK3dCluster() error { "--registry-create", "k3d-"+viper.GetString("cluster-name")+"-registry:63630", "--k3s-arg", `--kubelet-arg=eviction-hard=imagefs.available<1%,nodefs.available<1%@agent:*`, "--k3s-arg", `--kubelet-arg=eviction-minimum-reclaim=imagefs.available=1%,nodefs.available=1%@agent:*`, - "--port", "80:80@loadbalancer") + "--port", "80:80@loadbalancer", + "--port", "443:443@loadbalancer") if err != nil { log.Println("error creating k3d cluster") return errors.New("error creating k3d cluster") From cca9e0abbe8e44402e3dd3bc7b137b4f553fabf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Paulo=20Vanzuita?= Date: Tue, 22 Nov 2022 14:15:13 -0300 Subject: [PATCH 08/33] refactor: initial argocd config, split it into local and cloud (#774) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * refactor: initial argocd config, split it into local and cloud Signed-off-by: João Vanzuita --- cmd/createGithub.go | 15 +++--- cmd/local/local.go | 12 +++-- internal/argocd/argocd.go | 100 ++++++++++++++++++++++++++++++-------- pkg/keys.go | 41 +++++++++------- 4 files changed, 122 insertions(+), 46 deletions(-) diff --git a/cmd/createGithub.go b/cmd/createGithub.go index 92f0023a4..ceac3dcf9 100644 --- a/cmd/createGithub.go +++ b/cmd/createGithub.go 
@@ -99,13 +99,16 @@ var createGithubCmd = &cobra.Command{ progressPrinter.IncrementTracker("step-base", 1) gitopsRepo := fmt.Sprintf("git@github.com:%s/gitops.git", viper.GetString("github.owner")) - argocd.CreateInitialArgoCDRepository(gitopsRepo) - // clientset, err := k8s.GetClientSet(globalFlags.DryRun) - // if err != nil { - // log.Printf("Failed to get clientset for k8s : %s", err) - // return err - // } + botPrivateKey := viper.GetString("botprivatekey") + + argoCDConfig := argocd.GetArgoCDInitialCloudConfig(gitopsRepo, botPrivateKey) + + err = argocd.CreateInitialArgoCDRepository(config, argoCDConfig) + if err != nil { + return err + } + err = helm.InstallArgocd(globalFlags.DryRun) if err != nil { log.Println("Error installing argocd") diff --git a/cmd/local/local.go b/cmd/local/local.go index c6673fdbb..f20859934 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go @@ -171,9 +171,15 @@ func runLocal(cmd *cobra.Command, args []string) error { executionControl = viper.GetBool("argocd.initial-repository.created") if !executionControl { pkg.InformUser("create initial argocd repository", silentMode) - //Enterprise users need to be able to set the hostname for git. - gitopsRepo := fmt.Sprintf("git@%s:%s/gitops.git", viper.GetString("github.host"), viper.GetString("github.owner")) - err := argocd.CreateInitialArgoCDRepository(gitopsRepo) + // Enterprise users need to be able to set the hostname for git. + gitOpsRepo := fmt.Sprintf("git@%s:%s/gitops.git", viper.GetString("github.host"), viper.GetString("github.owner")) + + argoCDConfig := argocd.GetArgoCDInitialLocalConfig( + gitOpsRepo, + viper.GetString("botprivatekey"), + ) + + err := argocd.CreateInitialArgoCDRepository(config, argoCDConfig) if err != nil { log.Println("Error CreateInitialArgoCDRepository") return err diff --git a/internal/argocd/argocd.go b/internal/argocd/argocd.go index d2984cfbb..65fda3673 100644 --- a/internal/argocd/argocd.go +++ b/internal/argocd/argocd.go 
@@ -23,8 +23,8 @@ import ( var ArgocdSecretClient coreV1Types.SecretInterface -// ConfigRepo - Sample config struct -type ConfigRepo struct { +// Config ArgoCD configuration +type Config struct { Configs struct { Repositories struct { RepoGitops struct { @@ -40,6 +40,32 @@ type ConfigRepo struct { } `yaml:"ssh-creds"` } `yaml:"credentialTemplates"` } `yaml:"configs"` + Server struct { + ExtraArgs []string `yaml:"extraArgs"` + Ingress struct { + Enabled string `yaml:"enabled"` + Annotations struct { + IngressKubernetesIoRewriteTarget string `yaml:"ingress.kubernetes.io/rewrite-target"` + IngressKubernetesIoBackendProtocol string `yaml:"ingress.kubernetes.io/backend-protocol"` + + IngressKubernetesIoActionsSslRedirect struct { + Type string `json:"Type"` + RedirectConfig struct { + Protocol string `json:"Protocol"` + Port string `json:"Port"` + StatusCode string `json:"StatusCode"` + } `json:"RedirectConfig"` + } `json:"ingress.kubernetes.io/actions.ssl-redirect"` + } `yaml:"annotations"` + Hosts []string `yaml:"hosts"` + TLS []TLSConfig `yaml:"tls"` + } `yaml:"ingress"` + } `yaml:"server"` +} + +type TLSConfig struct { + Hosts []string `yaml:"hosts"` + SecretName string `yaml:"secretName"` } // SyncRetry tries to Sync ArgoCD as many times as requested by the attempts' parameter. On successful request, returns 
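Review bot: The new `Server.Ingress` fields will probably not marshal into the values they are meant to produce. `Enabled string` emits the string `"true"`, and a chart that tests the value as a boolean treats any non-empty string, including `"false"`, as enabled; `Enabled bool` avoids that. The nested `IngressKubernetesIoActionsSslRedirect` struct carries only `json:` tags, so a YAML encoder that reads `yaml:` tags will not emit it under `ingress.kubernetes.io/actions.ssl-redirect`, and an annotation value has to be a string rather than a nested map in any case. If the redirect annotation is needed, declare `Annotations map[string]string` and store the JSON text as the value. The exported `TLSConfig` type also needs a doc comment, e.g. `// TLSConfig is one entry of the Argo CD server ingress tls list.`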
@@ -319,32 +345,26 @@ func ApplyRegistryLocal(dryRun bool) error { return nil } -// CreateInitialArgoCDRepository - Fill and create argocd-init-values.yaml for Github installs -func CreateInitialArgoCDRepository(githubURL string) error { - config := configs.ReadConfig() - - privateKey := viper.GetString("botprivatekey") - - argoConfig := ConfigRepo{} - argoConfig.Configs.Repositories.RepoGitops.URL = githubURL - argoConfig.Configs.Repositories.RepoGitops.Type = "git" - argoConfig.Configs.Repositories.RepoGitops.Name = "github-gitops" - argoConfig.Configs.CredentialTemplates.SSHCreds.URL = githubURL - argoConfig.Configs.CredentialTemplates.SSHCreds.SSHPrivateKey = privateKey +// CreateInitialArgoCDRepository - Fill and create `argocd-init-values.yaml` for GitHub installs. +// The `argocd-init-values.yaml` is applied during helm install. +func CreateInitialArgoCDRepository(config *configs.Config, argoConfig Config) error { argoCdRepoYaml, err := yaml2.Marshal(&argoConfig) if err != nil { - log.Printf("error: marshaling yaml for argo config %s", err) - return err + return fmt.Errorf("error: marshaling yaml for argo config %s", err) } err = os.WriteFile(fmt.Sprintf("%s/argocd-init-values.yaml", config.K1FolderPath), argoCdRepoYaml, 0644) if err != nil { - log.Printf("error: could not write argocd-init-values.yaml %s", err) - return err + return fmt.Errorf("error: could not write argocd-init-values.yaml %s", err) } viper.Set("argocd.initial-repository.created", true) - viper.WriteConfig() + + err = viper.WriteConfig() + if err != nil { + return err + } + return nil } 
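Review bot: `argocd-init-values.yaml` is written with mode `0644` in the `os.WriteFile` call this hunk keeps, yet the marshalled config contains `SSHPrivateKey`, so the bot's private key is readable by every local user; the mode should be `0600`. The two new `fmt.Errorf` calls format the cause with `%s`, which drops the error chain; `fmt.Errorf("marshaling yaml for argo config: %w", err)` keeps it available to `errors.Is` and `errors.As`. Building the path with `filepath.Join(config.K1FolderPath, "argocd-init-values.yaml")` is also more robust than `fmt.Sprintf`.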
@@ -436,3 +456,45 @@ func WaitArgoCDToBeReady(dryRun bool) { } } } + +// GetArgoCDInitialLocalConfig build a Config struct for local installation +func GetArgoCDInitialLocalConfig(gitOpsRepo string, botPrivateKey string) Config { + + argoCDConfig := Config{} + + // Repo config + argoCDConfig.Configs.Repositories.RepoGitops.URL = gitOpsRepo + argoCDConfig.Configs.Repositories.RepoGitops.Type = "git" + argoCDConfig.Configs.Repositories.RepoGitops.Name = "github-gitops" + + // Credentials + argoCDConfig.Configs.CredentialTemplates.SSHCreds.URL = gitOpsRepo + argoCDConfig.Configs.CredentialTemplates.SSHCreds.SSHPrivateKey = botPrivateKey + + // Ingress + argoCDConfig.Server.ExtraArgs = []string{"--insecure"} + argoCDConfig.Server.Ingress.Enabled = "true" + argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoRewriteTarget = "/" + argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoBackendProtocol = "HTTPS" + argoCDConfig.Server.Ingress.Hosts = []string{"argocd.localhost"} + + argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect.Type = "redirect" + argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect.RedirectConfig.Protocol = "HTTPS" + argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect.RedirectConfig.Port = "443" + argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect.RedirectConfig.StatusCode = "HTTP_301" + + return argoCDConfig +} + +// GetArgoCDInitialCloudConfig build a Config struct for Cloud installation +func GetArgoCDInitialCloudConfig(gitOpsRepo string, botPrivateKey string) Config { + + argoCDConfig := Config{} + argoCDConfig.Configs.Repositories.RepoGitops.URL = gitOpsRepo + argoCDConfig.Configs.Repositories.RepoGitops.Type = "git" + argoCDConfig.Configs.Repositories.RepoGitops.Name = "github-gitops" + argoCDConfig.Configs.CredentialTemplates.SSHCreds.URL = gitOpsRepo + argoCDConfig.Configs.CredentialTemplates.SSHCreds.SSHPrivateKey = 
botPrivateKey + + return argoCDConfig +} diff --git a/pkg/keys.go b/pkg/keys.go index 968513b88..0741a47f8 100644 --- a/pkg/keys.go +++ b/pkg/keys.go @@ -6,13 +6,13 @@ import ( "crypto/x509" "encoding/pem" "fmt" + "github.com/kubefirst/kubefirst/configs" "log" "os" "strings" "github.com/caarlos0/sshmarshal" goGitSsh "github.com/go-git/go-git/v5/plumbing/transport/ssh" - "github.com/kubefirst/kubefirst/configs" "github.com/spf13/viper" "golang.org/x/crypto/ed25519" "golang.org/x/crypto/ssh" @@ -20,7 +20,6 @@ import ( func CreateSshKeyPair() { - config := configs.ReadConfig() publicKey := viper.GetString("botpublickey") // generate GitLab keys 
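Review bot: `GetArgoCDInitialLocalConfig` passes `--insecure` in `Server.ExtraArgs` while setting the backend-protocol annotation to `"HTTPS"`; as far as I know `--insecure` makes argocd-server serve plain HTTP, so the ingress would be told to speak TLS to a backend that does not. Decide where TLS terminates and state it above the block, for example `// TLS is terminated at the ingress; argocd-server listens on plain HTTP inside the cluster.`, then make the backend-protocol value agree with it. The repository and credential assignments are repeated verbatim in `GetArgoCDInitialCloudConfig`; the local builder could start from the cloud one and add only the ingress settings.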
@@ -58,26 +57,32 @@ func CreateSshKeyPair() { } publicKey = viper.GetString("botpublickey") - privateKey := viper.GetString("botprivatekey") - var argocdInitValuesYaml = []byte(fmt.Sprintf(` + // todo: break it into smaller function + if viper.GetString("gitprovider") != CloudK3d { + + config := configs.ReadConfig() + privateKey := viper.GetString("botprivatekey") + + var argocdInitValuesYaml = []byte(fmt.Sprintf(` configs: - repositories: - soft-serve-gitops: - url: ssh://soft-serve.soft-serve.svc.cluster.local:22/gitops - insecure: 'true' - type: gitClient - name: soft-serve-gitops - credentialTemplates: - ssh-creds: - url: ssh://soft-serve.soft-serve.svc.cluster.local:22 - sshPrivateKey: | - %s + repositories: + soft-serve-gitops: + url: ssh://soft-serve.soft-serve.svc.cluster.local:22/gitops + insecure: 'true' + type: gitClient + name: soft-serve-gitops + credentialTemplates: + ssh-creds: + url: ssh://soft-serve.soft-serve.svc.cluster.local:22 + sshPrivateKey: | + %s `, strings.ReplaceAll(privateKey, "\n", "\n "))) - err := os.WriteFile(fmt.Sprintf("%s/argocd-init-values.yaml", config.K1FolderPath), argocdInitValuesYaml, 0644) - if err != nil { - log.Panicf("error: could not write argocd-init-values.yaml %s", err) + err := os.WriteFile(fmt.Sprintf("%s/argocd-init-values.yaml", config.K1FolderPath), argocdInitValuesYaml, 0644) + if err != nil { + log.Panicf("error: could not write argocd-init-values.yaml %s", err) + } } } From d96a69143c4f17132dfa3ef8fee3c7b3d1577ae3 Mon Sep 17 00:00:00 2001 From: Thiago Pagotto Date: Tue, 22 Nov 2022 14:21:26 -0300 Subject: [PATCH 09/33] 746 spike https local (#773) * calling methods to create certs on local * added mkcert stuffs on config struct * downloading mkcert * added func to install CA and make certs 
Signed-off-by: Thiago Pagotto --- cmd/local/local.go | 12 ++++++++-- configs/config.go | 4 ++++ internal/downloadManager/download.go | 17 ++++++++++++++ internal/ssl/ssl.go | 35 ++++++++++++++++++++++++++++ 4 files changed, 66 insertions(+), 2 deletions(-) diff --git a/cmd/local/local.go b/cmd/local/local.go index f20859934..8ae764147 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go @@ -3,12 +3,13 @@ package local import ( "context" "fmt" - "github.com/kubefirst/kubefirst/configs" - "github.com/kubefirst/kubefirst/internal/wrappers" "log" "sync" "time" + "github.com/kubefirst/kubefirst/configs" + "github.com/kubefirst/kubefirst/internal/wrappers" + "github.com/go-git/go-git/v5/plumbing" "github.com/kubefirst/kubefirst/internal/argocd" "github.com/kubefirst/kubefirst/internal/gitClient" @@ -18,6 +19,7 @@ import ( "github.com/kubefirst/kubefirst/internal/k8s" "github.com/kubefirst/kubefirst/internal/metaphor" "github.com/kubefirst/kubefirst/internal/progressPrinter" + "github.com/kubefirst/kubefirst/internal/ssl" "github.com/kubefirst/kubefirst/internal/terraform" "github.com/kubefirst/kubefirst/internal/vault" "github.com/kubefirst/kubefirst/pkg" @@ -154,6 +156,12 @@ func runLocal(cmd *cobra.Command, args []string) error { progressPrinter.IncrementTracker("step-base", 1) progressPrinter.IncrementTracker("step-github", 1) + //create local certs using mkcert tool + log.Println("Installing CA from mkcert") + ssl.InstallCALocal(config) + log.Println("Creating local certs using mkcert") + ssl.CreateCertsLocal(config) + // add secrets to cluster // todo there is a secret condition in AddK3DSecrets to this not checked executionControl = viper.GetBool("kubernetes.vault.secret.created") diff --git a/configs/config.go b/configs/config.go index a02437e23..28ec341bb 100644 --- a/configs/config.go +++ b/configs/config.go 
@@ -40,12 +40,14 @@ type Config struct { NgrokClientPath string TerraformClientPath string K3dPath string + mkCertPath string HostedZoneName string `env:"HOSTED_ZONE_NAME"` ClusterName string `env:"CLUSTER_NAME"` AwsRegion string `env:"AWS_REGION"` K3dVersion string + mkCertVersion string KubectlVersion string `env:"KUBECTL_VERSION" envDefault:"v1.20.0"` KubectlVersionM1 string TerraformVersion string @@ -113,6 +115,7 @@ func ReadConfig() *Config { config.TerraformClientPath = fmt.Sprintf("%s/tools/terraform", config.K1FolderPath) config.HelmClientPath = fmt.Sprintf("%s/tools/helm", config.K1FolderPath) config.K3dPath = fmt.Sprintf("%s/tools/k3d", config.K1FolderPath) + config.mkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) config.CertsPath = fmt.Sprintf("%s/ssl", config.K1FolderPath) config.NgrokVersion = "v3" config.TerraformVersion = "1.0.11" @@ -122,6 +125,7 @@ func ReadConfig() *Config { config.HelmVersion = "v3.6.1" config.KubectlVersionM1 = "v1.21.14" config.K3dVersion = "v5.4.6" + config.mkCertVersion = "v1.4.4" config.InstallerEmail = "kubefirst-bot@kubefirst.com" diff --git a/internal/downloadManager/download.go b/internal/downloadManager/download.go index 50c1afc2e..f7d6a8c0c 100644 --- a/internal/downloadManager/download.go +++ b/internal/downloadManager/download.go @@ -43,6 +43,23 @@ func DownloadLocalTools(config *configs.Config) error { return err } + // https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-darwin-amd64 + mkCertDownloadUrl := fmt.Sprintf( + "https://github.com/FiloSottile/mkcert/releases/download/%s/mkcert-%s-%s-%s", + config.mkCertVersion, + config.mkCertVersion, + config.LocalOs, + config.LocalArchitecture, + ) + err = downloadFile(config.mkCertPath, mkCertDownloadUrl) + if err != nil { + return err + } + err = os.Chmod(config.mkCertPath, 0755) + if err != nil { + return err + } + return nil } diff --git a/internal/ssl/ssl.go b/internal/ssl/ssl.go index ee216af4e..b603f0dff 100644 
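Review bot: The mkcert binary is fetched from the release URL and made executable with `os.Chmod(config.mkCertPath, 0755)` with no integrity check visible in this hunk, and `InstallCALocal` in this same commit runs it with `-install` to add a root CA to the host trust store. Unless `downloadFile` already verifies what it writes, compare the file's SHA-256 with a digest pinned next to `mkCertVersion` for each OS/architecture pair and return an error on mismatch before the chmod. `DownloadLocalTools` starts outside the hunk, so how the other tools are handled is not visible here.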
--- a/internal/ssl/ssl.go +++ b/internal/ssl/ssl.go @@ -241,3 +241,38 @@ func RestoreSSL(dryRun bool, includeMetaphorApps bool) error { viper.WriteConfig() return nil } + +func InstallCALocal(config *configs.Config) { + _, _, err := pkg.ExecShellReturnStrings(config.mkCertPath, "-install") + if err != nil { + log.Printf("failed to uninstall CA of mkCert: %s", err) + } +} + +func UninstallCALocal(config *configs.Config) { + _, _, err := pkg.ExecShellReturnStrings(config.mkCertPath, "-uninstall") + if err != nil { + log.Printf("failed to uninstall CA of mkCert: %s", err) + } +} + +func CreateCertsLocal(config *configs.Config) { + log.Printf("Generating certificate argo.localdev.me on %s", config.mkCertPath) + _, _, err := pkg.ExecShellReturnStrings(config.mkCertPath, "argo.localdev.me", "-cert-file", "argo-cert.pem", "-key-file", "argo-key.pem") + if err != nil { + log.Printf("failed to generate Argo certificate using mkCert: %s", err) + } + + log.Printf("Generating certificate argocd.localdev.me on %s", config.mkCertPath) + _, _, err = pkg.ExecShellReturnStrings(config.mkCertPath, "argocd.localdev.me", "-cert-file", "argocd-cert.pem", "-key-file", "argocd-key.pem") + if err != nil { + log.Printf("failed to generate ArgoCD certificate using mkCert: %s", err) + } + + log.Printf("Generating certificate vault.localdev.me on %s", config.mkCertPath) + _, _, err = pkg.ExecShellReturnStrings(config.mkCertPath, "vault.localdev.me", "-cert-file", "vault-cert.pem", "-key-file", "vault-key.pem") + if err != nil { + log.Printf("failed to generate Vault certificate using mkCert: %s", err) + } + +} From 5b62cdf9edd60af6b0024aa8bed15c4295df7af8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 22 Nov 2022 14:54:48 -0300 Subject: [PATCH 10/33] feat: add generic create certificate function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
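Review bot: `InstallCALocal` logs `failed to uninstall CA of mkCert` when the install fails, a message copied from `UninstallCALocal`; it should read `log.Printf("failed to install CA of mkCert: %s", err)`. All three new functions only log the error and return nothing, so `runLocal` carries on after a failed trust-store change or a failed certificate generation; returning `error` would let the caller stop. `CreateCertsLocal` passes bare file names such as `argo-key.pem`, so the private keys are presumably written to whatever the working directory happens to be; an explicit directory (the config already has `CertsPath`) would make their location and permissions predictable. None of the exported functions has a doc comment stating that the first two modify the host trust store.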
Signed-off-by: João Vanzuita --- cmd/local/local.go | 12 +++++--- cmd/local/prerun.go | 2 +- configs/config.go | 8 ++--- internal/downloadManager/download.go | 9 +++--- internal/ssl/ssl.go | 44 +++++++++++++++++++++++----- 5 files changed, 54 insertions(+), 21 deletions(-) diff --git a/cmd/local/local.go b/cmd/local/local.go index 8ae764147..153e16418 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go @@ -58,7 +58,11 @@ func NewCommand() *cobra.Command { // todo: get it from GH token , use it for console localCmd.Flags().StringVar(&adminEmail, "admin-email", "", "the email address for the administrator as well as for lets-encrypt certificate emails") localCmd.Flags().StringVar(&metaphorBranch, "metaphor-branch", "main", "metaphor application branch") - localCmd.Flags().StringVar(&gitOpsBranch, "gitops-branch", "main", "version/branch used on git clone") + // todo: UPDATE IT BEFORE MERGING + // todo: UPDATE IT BEFORE MERGING + // todo: UPDATE IT BEFORE MERGING + // todo: UPDATE IT BEFORE MERGING + localCmd.Flags().StringVar(&gitOpsBranch, "gitops-branch", "add-ingress-localhost", "version/branch used on git clone") localCmd.Flags().StringVar(&gitOpsRepo, "gitops-repo", "gitops", "") localCmd.Flags().StringVar(&templateTag, "template-tag", "", "when running a built version, and ldflag is set for the Kubefirst version, it will use this tag value to clone the templates (gitops and metaphor's)", @@ -156,10 +160,10 @@ func runLocal(cmd *cobra.Command, args []string) error { progressPrinter.IncrementTracker("step-base", 1) progressPrinter.IncrementTracker("step-github", 1) - //create local certs using mkcert tool - log.Println("Installing CA from mkcert") + // create local certs using MKCert tool + log.Println("Installing CA from MKCert") ssl.InstallCALocal(config) - log.Println("Creating local certs using mkcert") + log.Println("Creating local certs using MKCert") ssl.CreateCertsLocal(config) // add secrets to cluster 
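Review bot: The default of `--gitops-branch` is changed from `main` to `add-ingress-localhost`, guarded only by four `todo: UPDATE IT BEFORE MERGING` comments. If this lands as is, every `local` install that omits the flag clones a feature branch that can be rewritten or deleted, rather than the reviewed default branch. Keep the default as `"main"` and pass `--gitops-branch add-ingress-localhost` on the command line while developing.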
diff --git a/cmd/local/prerun.go b/cmd/local/prerun.go index 74c786234..6f102f974 100644 --- a/cmd/local/prerun.go +++ b/cmd/local/prerun.go @@ -118,7 +118,7 @@ func validateLocal(cmd *cobra.Command, args []string) error { ) } - progressPrinter.SetupProgress(6, silentMode) + progressPrinter.SetupProgress(4, silentMode) progressPrinter.AddTracker("step-0", "Process Parameters", 1) progressPrinter.AddTracker("step-download", pkg.DownloadDependencies, 3) diff --git a/configs/config.go b/configs/config.go index 28ec341bb..4e3ac328a 100644 --- a/configs/config.go +++ b/configs/config.go @@ -40,14 +40,14 @@ type Config struct { NgrokClientPath string TerraformClientPath string K3dPath string - mkCertPath string + MkCertPath string HostedZoneName string `env:"HOSTED_ZONE_NAME"` ClusterName string `env:"CLUSTER_NAME"` AwsRegion string `env:"AWS_REGION"` K3dVersion string - mkCertVersion string + MkCertVersion string KubectlVersion string `env:"KUBECTL_VERSION" envDefault:"v1.20.0"` KubectlVersionM1 string TerraformVersion string @@ -115,7 +115,7 @@ func ReadConfig() *Config { config.TerraformClientPath = fmt.Sprintf("%s/tools/terraform", config.K1FolderPath) config.HelmClientPath = fmt.Sprintf("%s/tools/helm", config.K1FolderPath) config.K3dPath = fmt.Sprintf("%s/tools/k3d", config.K1FolderPath) - config.mkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) + config.MkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) config.CertsPath = fmt.Sprintf("%s/ssl", config.K1FolderPath) config.NgrokVersion = "v3" config.TerraformVersion = "1.0.11" @@ -125,7 +125,7 @@ func ReadConfig() *Config { config.HelmVersion = "v3.6.1" config.KubectlVersionM1 = "v1.21.14" config.K3dVersion = "v5.4.6" - config.mkCertVersion = "v1.4.4" + config.MkCertVersion = "v1.4.4" config.InstallerEmail = "kubefirst-bot@kubefirst.com" diff --git a/internal/downloadManager/download.go b/internal/downloadManager/download.go index f7d6a8c0c..c0a5bf63a 100644 
--- a/internal/downloadManager/download.go +++ b/internal/downloadManager/download.go @@ -20,6 +20,7 @@ import ( ) // DownloadLocalTools - Download extra tools needed for local installations scenarios +// todo: download in parallel func DownloadLocalTools(config *configs.Config) error { toolsDirPath := fmt.Sprintf("%s/tools", config.K1FolderPath) err := createDirIfDontExist(toolsDirPath) @@ -46,16 +47,16 @@ func DownloadLocalTools(config *configs.Config) error { // https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-darwin-amd64 mkCertDownloadUrl := fmt.Sprintf( "https://github.com/FiloSottile/mkcert/releases/download/%s/mkcert-%s-%s-%s", - config.mkCertVersion, - config.mkCertVersion, + config.MkCertVersion, + config.MkCertVersion, config.LocalOs, config.LocalArchitecture, ) - err = downloadFile(config.mkCertPath, mkCertDownloadUrl) + err = downloadFile(config.MkCertPath, mkCertDownloadUrl) if err != nil { return err } - err = os.Chmod(config.mkCertPath, 0755) + err = os.Chmod(config.MkCertPath, 0755) if err != nil { return err } diff --git a/internal/ssl/ssl.go b/internal/ssl/ssl.go index b603f0dff..723281d36 100644 --- a/internal/ssl/ssl.go +++ b/internal/ssl/ssl.go 
@@ -243,36 +243,64 @@ func RestoreSSL(dryRun bool, includeMetaphorApps bool) error { } func InstallCALocal(config *configs.Config) { - _, _, err := pkg.ExecShellReturnStrings(config.mkCertPath, "-install") + _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, "-install") if err != nil { log.Printf("failed to uninstall CA of mkCert: %s", err) } } func UninstallCALocal(config *configs.Config) { - _, _, err := pkg.ExecShellReturnStrings(config.mkCertPath, "-uninstall") + _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, "-uninstall") if err != nil { log.Printf("failed to uninstall CA of mkCert: %s", err) } } func CreateCertsLocal(config *configs.Config) { - log.Printf("Generating certificate argo.localdev.me on %s", config.mkCertPath) - _, _, err := pkg.ExecShellReturnStrings(config.mkCertPath, "argo.localdev.me", "-cert-file", "argo-cert.pem", "-key-file", "argo-key.pem") + log.Printf("Generating certificate argo.localdev.me on %s", config.MkCertPath) + _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, "argo.localdev.me", "-cert-file", "argo-cert.pem", "-key-file", "argo-key.pem") if err != nil { log.Printf("failed to generate Argo certificate using mkCert: %s", err) } - log.Printf("Generating certificate argocd.localdev.me on %s", config.mkCertPath) - _, _, err = pkg.ExecShellReturnStrings(config.mkCertPath, "argocd.localdev.me", "-cert-file", "argocd-cert.pem", "-key-file", "argocd-key.pem") + log.Printf("Generating certificate argocd.localdev.me on %s", config.MkCertPath) + _, _, err = pkg.ExecShellReturnStrings(config.MkCertPath, "argocd.localdev.me", "-cert-file", "argocd-cert.pem", "-key-file", "argocd-key.pem") if err != nil { log.Printf("failed to generate ArgoCD certificate using mkCert: %s", err) } - log.Printf("Generating certificate vault.localdev.me on %s", config.mkCertPath) - _, _, err = pkg.ExecShellReturnStrings(config.mkCertPath, "vault.localdev.me", "-cert-file", "vault-cert.pem", "-key-file", "vault-key.pem") + 
log.Printf("Generating certificate vault.localdev.me on %s", config.MkCertPath) + _, _, err = pkg.ExecShellReturnStrings(config.MkCertPath, "vault.localdev.me", "-cert-file", "vault-cert.pem", "-key-file", "vault-key.pem") if err != nil { log.Printf("failed to generate Vault certificate using mkCert: %s", err) } +} + +func CreateCertificatesForLocalWrapper(config *configs.Config, applicationList []string) error { + + for _, value := range applicationList { + + if err := createCertificateForLocal(config, value); err != nil { + return err + } + } + + return nil +} + +func createCertificateForLocal(config *configs.Config, appName string) error { + + fullAppAddress := appName + "." + pkg.LocalDNS + certFileName := appName + "-cert.pem" + keyFileName := appName + "-key.pem" + + log.Printf("generating certificate %s.localdev.me on %s", appName, config.MkCertPath) + + _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, fullAppAddress, "-cert-file", certFileName, "-key-file", keyFileName) + if err != nil { + return fmt.Errorf("failed to generate %s SSL certificate using MkCert: %v", appName, err) + } + + return nil } From 521586dad2e51b54d426566b6b5355112d71c280 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 22 Nov 2022 15:34:40 -0300 Subject: [PATCH 11/33] chore: work in progress MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/dev.go | 85 ++++++++++++++++++++++++++++++++-------- cmd/local/local.go | 18 ++++++++- internal/k8s/wrappers.go | 31 +++++++++++++++ internal/ssl/ssl.go | 12 +++--- 4 files changed, 122 insertions(+), 24 deletions(-) diff --git a/cmd/dev.go b/cmd/dev.go index 65cace4f2..c76471bd7 100644 --- a/cmd/dev.go +++ b/cmd/dev.go 
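Review bot: `createCertificateForLocal` builds the host from `pkg.LocalDNS` but its log line hardcodes `%s.localdev.me`, so the log can disagree with the certificate actually requested; log the computed value instead: `log.Printf("generating certificate %s using %s", fullAppAddress, config.MkCertPath)`. `certFileName` and `keyFileName` are bare names, so where the private key lands depends on the process working directory (assuming `ExecShellReturnStrings` does not change it). `appName` goes straight into a file name and a command argument, and `CreateCertificatesForLocalWrapper` is exported, so rejecting names that contain path separators or whitespace would keep a bad list entry from producing an unexpected path. The `fmt.Errorf` should wrap with `%w` rather than `%v`.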
@@ -1,9 +1,11 @@ package cmd import ( + "github.com/kubefirst/kubefirst/configs" "github.com/kubefirst/kubefirst/internal/k8s" - "github.com/kubefirst/kubefirst/pkg" + "github.com/kubefirst/kubefirst/internal/ssl" "github.com/spf13/cobra" + "log" ) func NewDevCommand() *cobra.Command { 
@@ -17,26 +19,75 @@ func NewDevCommand() *cobra.Command { func runDev(cmd *cobra.Command, args []string) error { - // todo: add Thiago's path - privKey, err := pkg.GetFileContent("./cert.pem") - if err != nil { - return err - } - // todo: add Thiago's path - pubKey, err := pkg.GetFileContent("./key.pem") - if err != nil { - return err - } + config := configs.ReadConfig() + + // create local certs using MKCert tool + log.Println("Installing CA from MkCert") + ssl.InstallCALocal(config) + log.Println("Creating local certs using MkCert") + ssl.CreateCertsLocal(config) - data := map[string][]byte{ - "privKey": privKey, - "pubKey": pubKey, + // todo: add remaining apps + appListForCertificate := []string{"argocd", "argo, vault"} + log.Println("creating local certificates") + if err := ssl.CreateCertificatesForLocalWrapper(config, appListForCertificate); err != nil { + log.Println(err) } + log.Println("creating local certificates done") - err = k8s.CreateSecret("vault", "vault-tls", data) - if err != nil { - return err + log.Println("storing certificates into application secrets namespace") + if err := k8s.CreateSecretsFromCertificatesForLocalWrapper(config, appListForCertificate); err != nil { + log.Println(err) } + log.Println("storing certificates into application secrets namespace done") + + //argoCDConfig := argocd.Config{} + //// Repo config + //gitOpsRepo := fmt.Sprintf("git@%s:%s/gitops.git", viper.GetString("github.host"), viper.GetString("github.owner")) + // + //argoCDConfig.Configs.Repositories.RepoGitops.URL = gitOpsRepo + //argoCDConfig.Configs.Repositories.RepoGitops.Type = "git" + //argoCDConfig.Configs.Repositories.RepoGitops.Name = "github-gitops" + // + //// Credentials + //argoCDConfig.Configs.CredentialTemplates.SSHCreds.URL = gitOpsRepo + //argoCDConfig.Configs.CredentialTemplates.SSHCreds.SSHPrivateKey = viper.GetString("botprivatekey") + // + //// Ingress + //argoCDConfig.Server.ExtraArgs = []string{"--insecure"} + 
//argoCDConfig.Server.Ingress.Enabled = "true" + //argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoRewriteTarget = "/" + //argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoBackendProtocol = "HTTPS" + //argoCDConfig.Server.Ingress.Hosts = []string{"argocd.localhost"} + // + //argoCDConfig.Server.Ingress.TLS = append(argoCDConfig.Server.Ingress.TLS, argocd.TLSConfig{Hosts: []string{"argocd.localhost"}, SecretName: "argocd-secret"}) + // + //config := configs.ReadConfig() + //err := argocd.CreateInitialArgoCDRepository(config, argoCDConfig) + //if err != nil { + // return err + //} + + //// todo: add Thiago's path + //privKey, err := pkg.GetFileContent("./cert.pem") + //if err != nil { + // return err + //} + //// todo: add Thiago's path + //pubKey, err := pkg.GetFileContent("./key.pem") + //if err != nil { + // return err + //} + // + //data := map[string][]byte{ + // "privKey": privKey, + // "pubKey": pubKey, + //} + // + //err = k8s.CreateSecret("vault", "vault-tls", data) + //if err != nil { + // return err + //} //err := k8s.IngressCreate("vault", "vault", 8200) //if err != nil { diff --git a/cmd/local/local.go b/cmd/local/local.go index 153e16418..72ce3bf5c 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go 
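Review bot: `appListForCertificate := []string{"argocd", "argo, vault"}` has two elements, the second being the single string `"argo, vault"`, so a certificate is requested for a host containing a comma and a space and none is created for `argo` or `vault`. It should be `[]string{"argocd", "argo", "vault"}`; the same literal is added to `runLocal` in the cmd/local/local.go hunk of this commit. Both wrapper errors are only printed with `log.Println(err)`, so `runDev` reports success without certificates or secrets. The long commented-out blocks would be better deleted than committed. `runDev` continues past the end of the hunk.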
@@ -161,11 +161,25 @@ func runLocal(cmd *cobra.Command, args []string) error { progressPrinter.IncrementTracker("step-github", 1) // create local certs using MKCert tool - log.Println("Installing CA from MKCert") + log.Println("Installing CA from MkCert") ssl.InstallCALocal(config) - log.Println("Creating local certs using MKCert") + log.Println("Creating local certs using MkCert") ssl.CreateCertsLocal(config) + // todo: add remaining apps + appListForCertificate := []string{"argocd", "argo, vault"} + log.Println("creating local certificates") + if err := ssl.CreateCertificatesForLocalWrapper(config, appListForCertificate); err != nil { + log.Println(err) + } + log.Println("creating local certificates done") + + log.Println("storing certificates into application secrets namespace") + if err := k8s.CreateSecretsFromCertificatesForLocalWrapper(config, appListForCertificate); err != nil { + log.Println(err) + } + log.Println("storing certificates into application secrets namespace done") + // add secrets to cluster // todo there is a secret condition in AddK3DSecrets to this not checked executionControl = viper.GetBool("kubernetes.vault.secret.created") diff --git a/internal/k8s/wrappers.go b/internal/k8s/wrappers.go index c653ebaaa..84eabfc49 100644 --- a/internal/k8s/wrappers.go +++ b/internal/k8s/wrappers.go 
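Review bot: Certificates are now generated twice in `runLocal`: `ssl.CreateCertsLocal(config)` is still called and `ssl.CreateCertificatesForLocalWrapper` then asks mkcert for the same `*-cert.pem` and `*-key.pem` names again, so one of the two calls should go. The errors from both new wrappers are logged and dropped although `runLocal` returns `error`; a failed certificate or secret step should stop the run, e.g. `if err := k8s.CreateSecretsFromCertificatesForLocalWrapper(config, appListForCertificate); err != nil { return err }`. `runLocal` starts and ends outside the hunk.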
@@ -149,3 +149,34 @@ func OpenPortForwardWrapper(podName string, namespace string, podPort int, podLo return } + +func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config, applicationList []string) error { + for _, appName := range applicationList { + + certFileName := appName + "-cert.pem" // example: app-name-cert.pem + keyFileName := appName + "-key.pem" // example: app-name-key.pem + + // open file content + certContent, err := pkg.GetFileContent(config.MkCertPath + certFileName) + if err != nil { + return err + } + + keyContent, err := pkg.GetFileContent(config.MkCertPath + keyFileName) + if err != nil { + return err + } + + data := make(map[string][]byte) + data["privKey"] = certContent + data["pubKey"] = keyContent + + // save content into secret + err = CreateSecret(appName, appName+"-tls", data) + if err != nil { + return err + } + } + + return nil +} diff --git a/internal/ssl/ssl.go b/internal/ssl/ssl.go index 723281d36..5b7ca15a8 100644 --- a/internal/ssl/ssl.go +++ b/internal/ssl/ssl.go 
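Review bot: In `CreateSecretsFromCertificatesForLocalWrapper` the map keys are swapped: `data["privKey"] = certContent` stores the certificate under `privKey` and `data["pubKey"] = keyContent` stores the private key under `pubKey`. Any consumer that treats `pubKey` as non-sensitive would then expose the key. Swap the two assignments; if these secrets are meant to back ingress TLS, the conventional keys are `tls.crt` and `tls.key`. The files are read from `config.MkCertPath + certFileName`, which is the mkcert binary path with the name appended and no separator, not the location `createCertificateForLocal` gives mkcert. The exported function has no doc comment.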
@@ -276,24 +276,26 @@ func CreateCertsLocal(config *configs.Config) { } } +// CreateCertificatesForLocalWrapper groups a certification creation call into a wrapper. The provided application +// list is used to create SSL certificates for each of the provided application. func CreateCertificatesForLocalWrapper(config *configs.Config, applicationList []string) error { for _, value := range applicationList { - if err := createCertificateForLocal(config, value); err != nil { return err } - } return nil } +// createCertificateForLocal issue certificates for a specific application. MkCert is the tool who is going to create +// the certificates, store them in files, and store the certificates in the host trusted store. func createCertificateForLocal(config *configs.Config, appName string) error { - fullAppAddress := appName + "." + pkg.LocalDNS - certFileName := appName + "-cert.pem" - keyFileName := appName + "-key.pem" + fullAppAddress := appName + "." + pkg.LocalDNS // example: app-name.localdev.me + certFileName := appName + "-cert.pem" // example: app-name-cert.pem + keyFileName := appName + "-key.pem" // example: app-name-key.pem log.Printf("generating certificate %s.localdev.me on %s", appName, config.MkCertPath) From 972705e1144c83ea6d500093c4019c57499c1f83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 22 Nov 2022 15:59:01 -0300 Subject: [PATCH 12/33] chore: work in progress MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/dev.go | 15 +++++----- cmd/local/local.go | 4 +-- configs/config.go | 2 +- internal/k8s/wrappers.go | 6 ++-- internal/ssl/ssl.go | 59 +++++++++++++++++++++++----------------- 5 files changed, 48 insertions(+), 38 deletions(-) diff --git a/cmd/dev.go b/cmd/dev.go index c76471bd7..dcdf7d508 100644 --- a/cmd/dev.go +++ b/cmd/dev.go 
@@ -24,14 +24,13 @@ func runDev(cmd *cobra.Command, args []string) error { // create local certs using MKCert tool log.Println("Installing CA from MkCert") ssl.InstallCALocal(config) - log.Println("Creating local certs using MkCert") - ssl.CreateCertsLocal(config) - + log.Println("creating local certs using MkCert") + //ssl.CreateCertsLocal(config) // todo: add remaining apps - appListForCertificate := []string{"argocd", "argo, vault"} - log.Println("creating local certificates") - if err := ssl.CreateCertificatesForLocalWrapper(config, appListForCertificate); err != nil { - log.Println(err) + appListForCertificate := []string{"argocd", "argo", "vault"} + err := ssl.CreateCertificatesForLocalWrapper(config, appListForCertificate) + if err != nil { + return err } log.Println("creating local certificates done") @@ -39,7 +38,7 @@ func runDev(cmd *cobra.Command, args []string) error { if err := k8s.CreateSecretsFromCertificatesForLocalWrapper(config, appListForCertificate); err != nil { log.Println(err) } - log.Println("storing certificates into application secrets namespace done") + //log.Println("storing certificates into application secrets namespace done") //argoCDConfig := argocd.Config{} //// Repo config diff --git a/cmd/local/local.go b/cmd/local/local.go index 72ce3bf5c..b8425c952 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go @@ -163,8 +163,8 @@ func runLocal(cmd *cobra.Command, args []string) error { // create local certs using MKCert tool log.Println("Installing CA from MkCert") ssl.InstallCALocal(config) - log.Println("Creating local certs using MkCert") - ssl.CreateCertsLocal(config) + //log.Println("Creating local certs using MkCert") + //ssl.CreateCertsLocal(config) // todo: add remaining apps appListForCertificate := []string{"argocd", "argo, vault"} diff --git a/configs/config.go b/configs/config.go index 4e3ac328a..60e1c6c1e 100644 --- a/configs/config.go +++ b/configs/config.go 
@@ -115,8 +115,8 @@ func ReadConfig() *Config { config.TerraformClientPath = fmt.Sprintf("%s/tools/terraform", config.K1FolderPath) config.HelmClientPath = fmt.Sprintf("%s/tools/helm", config.K1FolderPath) config.K3dPath = fmt.Sprintf("%s/tools/k3d", config.K1FolderPath) - config.MkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) config.CertsPath = fmt.Sprintf("%s/ssl", config.K1FolderPath) + config.MkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) config.NgrokVersion = "v3" config.TerraformVersion = "1.0.11" config.ArgoCDChartHelmVersion = "4.10.5" diff --git a/internal/k8s/wrappers.go b/internal/k8s/wrappers.go index 84eabfc49..c9d818204 100644 --- a/internal/k8s/wrappers.go +++ b/internal/k8s/wrappers.go @@ -153,8 +153,10 @@ func OpenPortForwardWrapper(podName string, namespace string, podPort int, podLo func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config, applicationList []string) error { for _, appName := range applicationList { - certFileName := appName + "-cert.pem" // example: app-name-cert.pem - keyFileName := appName + "-key.pem" // example: app-name-key.pem + certsFolder := config.MkCertPath + "/certs/" + + certFileName := certsFolder + appName + "-cert.pem" // example: app-name-cert.pem + keyFileName := certsFolder + appName + "-key.pem" // example: app-name-key.pem // open file content certContent, err := pkg.GetFileContent(config.MkCertPath + certFileName) diff --git a/internal/ssl/ssl.go b/internal/ssl/ssl.go index 5b7ca15a8..8c3ba7008 100644 --- a/internal/ssl/ssl.go +++ b/internal/ssl/ssl.go 
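Review bot: `certFileName` and `keyFileName` now already begin with `certsFolder` (`config.MkCertPath + "/certs/"`), but the unchanged read below still calls `pkg.GetFileContent(config.MkCertPath + certFileName)`, so the prefix is applied twice; pass `certFileName` alone. `MkCertPath` is set to `<K1FolderPath>/tools/mkcert` in configs/config.go, which is the binary itself, so a `/certs/` directory beneath it cannot exist, and the ssl.go hunk of this commit creates `config.MkCertPath+"certs"` (no separator) with `os.Mkdir`, a different path that also returns an error on a second run because the directory is already there. One shared location built with `filepath.Join(config.CertsPath, ...)` and created with `os.MkdirAll(dir, 0700)`, since it holds private keys, would remove the mismatch. The function body continues outside the hunk.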
@@ -256,32 +256,39 @@ func UninstallCALocal(config *configs.Config) { } } -func CreateCertsLocal(config *configs.Config) { - log.Printf("Generating certificate argo.localdev.me on %s", config.MkCertPath) - _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, "argo.localdev.me", "-cert-file", "argo-cert.pem", "-key-file", "argo-key.pem") - if err != nil { - log.Printf("failed to generate Argo certificate using mkCert: %s", err) - } - - log.Printf("Generating certificate argocd.localdev.me on %s", config.MkCertPath) - _, _, err = pkg.ExecShellReturnStrings(config.MkCertPath, "argocd.localdev.me", "-cert-file", "argocd-cert.pem", "-key-file", "argocd-key.pem") - if err != nil { - log.Printf("failed to generate ArgoCD certificate using mkCert: %s", err) - } - - log.Printf("Generating certificate vault.localdev.me on %s", config.MkCertPath) - _, _, err = pkg.ExecShellReturnStrings(config.MkCertPath, "vault.localdev.me", "-cert-file", "vault-cert.pem", "-key-file", "vault-key.pem") - if err != nil { - log.Printf("failed to generate Vault certificate using mkCert: %s", err) - } -} +//func CreateCertsLocal(config *configs.Config) { +// log.Printf("Generating certificate argo.localdev.me on %s", config.MkCertPath) +// _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, "argo.localdev.me", "-cert-file", "argo-cert.pem", "-key-file", "argo-key.pem") +// if err != nil { +// log.Printf("failed to generate Argo certificate using mkCert: %s", err) +// } +// +// log.Printf("Generating certificate argocd.localdev.me on %s", config.MkCertPath) +// _, _, err = pkg.ExecShellReturnStrings(config.MkCertPath, "argocd.localdev.me", "-cert-file", "argocd-cert.pem", "-key-file", "argocd-key.pem") +// if err != nil { +// log.Printf("failed to generate ArgoCD certificate using mkCert: %s", err) +// } +// +// log.Printf("Generating certificate vault.localdev.me on %s", config.MkCertPath) +// _, _, err = pkg.ExecShellReturnStrings(config.MkCertPath, "vault.localdev.me", 
"-cert-file", "vault-cert.pem", "-key-file", "vault-key.pem") +// if err != nil { +// log.Printf("failed to generate Vault certificate using mkCert: %s", err) +// } +//} // CreateCertificatesForLocalWrapper groups a certification creation call into a wrapper. The provided application // list is used to create SSL certificates for each of the provided application. func CreateCertificatesForLocalWrapper(config *configs.Config, applicationList []string) error { - for _, value := range applicationList { - if err := createCertificateForLocal(config, value); err != nil { + // create folder + // todo: check permission + err := os.Mkdir(config.MkCertPath+"certs", 0755) + if err != nil { + return err + } + + for _, appName := range applicationList { + if err := createCertificateForLocal(config, appName); err != nil { return err } } 
@@ -293,13 +300,15 @@ func CreateCertificatesForLocalWrapper(config *configs.Config, applicationList [ // the certificates, store them in files, and store the certificates in the host trusted store. func createCertificateForLocal(config *configs.Config, appName string) error { - fullAppAddress := appName + "." + pkg.LocalDNS // example: app-name.localdev.me - certFileName := appName + "-cert.pem" // example: app-name-cert.pem - keyFileName := appName + "-key.pem" // example: app-name-key.pem + certsFolder := config.MkCertPath + "/certs/" + + fullAppAddress := appName + "." + pkg.LocalDNS // example: app-name.localdev.me + certFileName := certsFolder + appName + "-cert.pem" // example: app-name-cert.pem + keyFileName := certsFolder + appName + "-key.pem" // example: app-name-key.pem log.Printf("generating certificate %s.localdev.me on %s", appName, config.MkCertPath) - _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, fullAppAddress, "-cert-file", certFileName, "-key-file", keyFileName) + _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, "-cert-file", certFileName, "-key-file", keyFileName, pkg.LocalDNS, fullAppAddress) if err != nil { return fmt.Errorf("failed to generate %s SSL certificate using MkCert: %v", appName, err) } From fb83c3fcb8756e6919419eebbed36b4956128c3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 22 Nov 2022 16:09:13 -0300 Subject: [PATCH 13/33] chore: work in progress MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/local/local.go | 4 +--- configs/config.go | 3 +++ internal/k8s/wrappers.go | 6 +++--- internal/ssl/ssl.go | 6 +++--- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/cmd/local/local.go b/cmd/local/local.go index b8425c952..0efaa9113 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go 
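Review bot: The new mkcert call passes `pkg.LocalDNS` as a host name next to `fullAppAddress`, so every per-application certificate is also valid for the bare local domain (the comments suggest `localdev.me`). Each key file written here then covers more than its own application, and anything that can read one app's key can present a certificate for the shared apex name as well. If the apex is not actually served by each app, drop it: `pkg.ExecShellReturnStrings(config.MkCertPath, "-cert-file", certFileName, "-key-file", keyFileName, fullAppAddress)`. The log line above it also hard-codes `localdev.me` instead of printing `fullAppAddress`.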
@@ -161,10 +161,8 @@ func runLocal(cmd *cobra.Command, args []string) error { progressPrinter.IncrementTracker("step-github", 1) // create local certs using MKCert tool - log.Println("Installing CA from MkCert") + log.Println("installing CA from MkCert") ssl.InstallCALocal(config) - //log.Println("Creating local certs using MkCert") - //ssl.CreateCertsLocal(config) // todo: add remaining apps appListForCertificate := []string{"argocd", "argo, vault"} diff --git a/configs/config.go b/configs/config.go index 60e1c6c1e..737d74875 100644 --- a/configs/config.go +++ b/configs/config.go @@ -41,6 +41,7 @@ type Config struct { TerraformClientPath string K3dPath string MkCertPath string + MkCertPemFilesPath string HostedZoneName string `env:"HOSTED_ZONE_NAME"` ClusterName string `env:"CLUSTER_NAME"` @@ -117,6 +118,8 @@ func ReadConfig() *Config { config.K3dPath = fmt.Sprintf("%s/tools/k3d", config.K1FolderPath) config.CertsPath = fmt.Sprintf("%s/ssl", config.K1FolderPath) config.MkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) + config.MkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) + config.MkCertPemFilesPath = fmt.Sprintf("%s/tools/certs/", config.K1FolderPath) config.NgrokVersion = "v3" config.TerraformVersion = "1.0.11" config.ArgoCDChartHelmVersion = "4.10.5" diff --git a/internal/k8s/wrappers.go b/internal/k8s/wrappers.go index c9d818204..d7052e6b0 100644 --- a/internal/k8s/wrappers.go +++ b/internal/k8s/wrappers.go 
@@ -153,18 +153,18 @@ func OpenPortForwardWrapper(podName string, namespace string, podPort int, podLo func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config, applicationList []string) error { for _, appName := range applicationList { - certsFolder := config.MkCertPath + "/certs/" + certsFolder := config.MkCertPemFilesPath certFileName := certsFolder + appName + "-cert.pem" // example: app-name-cert.pem keyFileName := certsFolder + appName + "-key.pem" // example: app-name-key.pem // open file content - certContent, err := pkg.GetFileContent(config.MkCertPath + certFileName) + certContent, err := pkg.GetFileContent(certFileName) if err != nil { return err } - keyContent, err := pkg.GetFileContent(config.MkCertPath + keyFileName) + keyContent, err := pkg.GetFileContent(keyFileName) if err != nil { return err } diff --git a/internal/ssl/ssl.go b/internal/ssl/ssl.go index 8c3ba7008..5d3dc232f 100644 --- a/internal/ssl/ssl.go +++ b/internal/ssl/ssl.go @@ -282,8 +282,8 @@ func CreateCertificatesForLocalWrapper(config *configs.Config, applicationList [ // create folder // todo: check permission - err := os.Mkdir(config.MkCertPath+"certs", 0755) - if err != nil { + err := os.Mkdir(config.MkCertPemFilesPath, 0755) + if err != nil && os.IsNotExist(err) { return err } @@ -300,7 +300,7 @@ func CreateCertificatesForLocalWrapper(config *configs.Config, applicationList [ // the certificates, store them in files, and store the certificates in the host trusted store. func createCertificateForLocal(config *configs.Config, appName string) error { - certsFolder := config.MkCertPath + "/certs/" + certsFolder := config.MkCertPemFilesPath fullAppAddress := appName + "." + pkg.LocalDNS // example: app-name.localdev.me certFileName := certsFolder + appName + "-cert.pem" // example: app-name-cert.pem From 4c2484103cfa06359d2bb2f56af31a128301c316 Mon Sep 17 00:00:00 2001 
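Review bot: In the `internal/ssl/ssl.go` hunk the guard `if err != nil && os.IsNotExist(err)` looks inverted. It returns only when a parent directory is missing and silently ignores every other failure, including permission denied, while the case it presumably wants to tolerate is the directory already existing. The directory receives the generated private keys and is created `0755`, which lets other local users traverse and list it; the `// todo: check permission` above it is still open. I would replace both lines with `if err := os.MkdirAll(config.MkCertPemFilesPath, 0700); err != nil { return err }`, which succeeds when the directory exists and reports real errors. The function starts and ends outside the hunk.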
From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 22 Nov 2022 16:40:51 -0300 Subject: [PATCH 14/33] chore: move secret creation for end of installation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/dev.go | 6 ++---- cmd/local/local.go | 10 +--------- cmd/local/postrun.go | 9 +++++++++ configs/config.go | 4 ++++ internal/k8s/wrappers.go | 5 +++-- internal/ssl/ssl.go | 4 ++-- 6 files changed, 21 insertions(+), 17 deletions(-) diff --git a/cmd/dev.go b/cmd/dev.go index dcdf7d508..c67a328df 100644 --- a/cmd/dev.go +++ b/cmd/dev.go @@ -26,16 +26,14 @@ func runDev(cmd *cobra.Command, args []string) error { ssl.InstallCALocal(config) log.Println("creating local certs using MkCert") //ssl.CreateCertsLocal(config) - // todo: add remaining apps - appListForCertificate := []string{"argocd", "argo", "vault"} - err := ssl.CreateCertificatesForLocalWrapper(config, appListForCertificate) + err := ssl.CreateCertificatesForLocalWrapper(config) if err != nil { return err } log.Println("creating local certificates done") log.Println("storing certificates into application secrets namespace") - if err := k8s.CreateSecretsFromCertificatesForLocalWrapper(config, appListForCertificate); err != nil { + if err := k8s.CreateSecretsFromCertificatesForLocalWrapper(config); err != nil { log.Println(err) } //log.Println("storing certificates into application secrets namespace done") diff --git a/cmd/local/local.go b/cmd/local/local.go index 0efaa9113..657a27945 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go 
@@ -164,20 +164,12 @@ func runLocal(cmd *cobra.Command, args []string) error { log.Println("installing CA from MkCert") ssl.InstallCALocal(config) - // todo: add remaining apps - appListForCertificate := []string{"argocd", "argo, vault"} log.Println("creating local certificates") - if err := ssl.CreateCertificatesForLocalWrapper(config, appListForCertificate); err != nil { + if err := ssl.CreateCertificatesForLocalWrapper(config); err != nil { log.Println(err) } log.Println("creating local certificates done") - log.Println("storing certificates into application secrets namespace") - if err := k8s.CreateSecretsFromCertificatesForLocalWrapper(config, appListForCertificate); err != nil { - log.Println(err) - } - log.Println("storing certificates into application secrets namespace done") - // add secrets to cluster // todo there is a secret condition in AddK3DSecrets to this not checked executionControl = viper.GetBool("kubernetes.vault.secret.created") diff --git a/cmd/local/postrun.go b/cmd/local/postrun.go index ad7b5f5bd..409f196ee 100644 --- a/cmd/local/postrun.go +++ b/cmd/local/postrun.go @@ -1,6 +1,7 @@ package local import ( + "github.com/kubefirst/kubefirst/configs" "github.com/kubefirst/kubefirst/internal/k8s" "github.com/kubefirst/kubefirst/internal/reports" "github.com/kubefirst/kubefirst/pkg" @@ -56,6 +57,14 @@ func runPostLocal(cmd *cobra.Command, args []string) error { return err } + config := configs.ReadConfig() + + log.Println("storing certificates into application secrets namespace") + if err = k8s.CreateSecretsFromCertificatesForLocalWrapper(config); err != nil { + log.Println(err) + } + log.Println("storing certificates into application secrets namespace done") + log.Println("Starting the presentation of console and api for the handoff screen") err = pkg.IsConsoleUIAvailable(pkg.KubefirstConsoleLocalURL) diff --git a/configs/config.go b/configs/config.go index 737d74875..e81fc6c87 100644 --- a/configs/config.go +++ b/configs/config.go 
@@ -43,6 +43,9 @@ type Config struct { MkCertPath string MkCertPemFilesPath string + // todo: add remaining apps + AppListForCertificate []string + HostedZoneName string `env:"HOSTED_ZONE_NAME"` ClusterName string `env:"CLUSTER_NAME"` AwsRegion string `env:"AWS_REGION"` @@ -131,6 +134,7 @@ func ReadConfig() *Config { config.MkCertVersion = "v1.4.4" config.InstallerEmail = "kubefirst-bot@kubefirst.com" + config.AppListForCertificate = []string{"argocd", "argo", "vault"} config.MetaphorTemplateURL = "https://github.com/kubefirst/metaphor-template.git" config.GitopsTemplateURL = "https://github.com/kubefirst/gitops-template-gh.git" diff --git a/internal/k8s/wrappers.go b/internal/k8s/wrappers.go index d7052e6b0..664f0d279 100644 --- a/internal/k8s/wrappers.go +++ b/internal/k8s/wrappers.go @@ -150,8 +150,9 @@ func OpenPortForwardWrapper(podName string, namespace string, podPort int, podLo return } -func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config, applicationList []string) error { - for _, appName := range applicationList { +func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config) error { + + for _, appName := range config.AppListForCertificate { certsFolder := config.MkCertPemFilesPath diff --git a/internal/ssl/ssl.go b/internal/ssl/ssl.go index 5d3dc232f..3dbb91a30 100644 --- a/internal/ssl/ssl.go +++ b/internal/ssl/ssl.go @@ -278,7 +278,7 @@ func UninstallCALocal(config *configs.Config) { // CreateCertificatesForLocalWrapper groups a certification creation call into a wrapper. The provided application // list is used to create SSL certificates for each of the provided application. -func CreateCertificatesForLocalWrapper(config *configs.Config, applicationList []string) error { +func CreateCertificatesForLocalWrapper(config *configs.Config) error { // create folder // todo: check permission 
@@ -287,7 +287,7 @@ func CreateCertificatesForLocalWrapper(config *configs.Config, applicationList [ return err } - for _, appName := range applicationList { + for _, appName := range config.AppListForCertificate { if err := createCertificateForLocal(config, appName); err != nil { return err } From de084c5b200cb737abc198d2b21f1cf97e3a9c51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Tue, 22 Nov 2022 17:03:29 -0300 Subject: [PATCH 15/33] chore: use correct key names for certificate secrets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- internal/k8s/wrappers.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/k8s/wrappers.go b/internal/k8s/wrappers.go index 664f0d279..9ff922cf2 100644 --- a/internal/k8s/wrappers.go +++ b/internal/k8s/wrappers.go @@ -171,8 +171,8 @@ func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config) error } data := make(map[string][]byte) - data["privKey"] = certContent - data["pubKey"] = keyContent + data["tls.crt"] = certContent + data["tls.key"] = keyContent // save content into secret err = CreateSecret(appName, appName+"-tls", data) From bdc6114a065d1370712999219bbf7a0fc2571776 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 23 Nov 2022 07:22:51 -0300 Subject: [PATCH 16/33] feat: add download in parallel for local MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- internal/downloadManager/download.go | 89 ++++++++++++++++++---------- 1 file changed, 58 insertions(+), 31 deletions(-) diff --git a/internal/downloadManager/download.go b/internal/downloadManager/download.go index c0a5bf63a..1f937524b 100644 --- a/internal/downloadManager/download.go +++ b/internal/downloadManager/download.go 
@@ -28,40 +28,67 @@ func DownloadLocalTools(config *configs.Config) error { return err } - // https://github.com/k3d-io/k3d/releases/download/v5.4.6/k3d-linux-amd64 - k3dDownloadUrl := fmt.Sprintf( - "https://github.com/k3d-io/k3d/releases/download/%s/k3d-%s-%s", - config.K3dVersion, - config.LocalOs, - config.LocalArchitecture, - ) - err = downloadFile(config.K3dPath, k3dDownloadUrl) - if err != nil { - return err - } - err = os.Chmod(config.K3dPath, 0755) - if err != nil { - return err - } + var wg sync.WaitGroup + errorChannel := make(chan error) + wgDone := make(chan bool) + wg.Add(2) - // https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-darwin-amd64 - mkCertDownloadUrl := fmt.Sprintf( - "https://github.com/FiloSottile/mkcert/releases/download/%s/mkcert-%s-%s-%s", - config.MkCertVersion, - config.MkCertVersion, - config.LocalOs, - config.LocalArchitecture, - ) - err = downloadFile(config.MkCertPath, mkCertDownloadUrl) - if err != nil { - return err - } - err = os.Chmod(config.MkCertPath, 0755) - if err != nil { + go func() { + // https://github.com/k3d-io/k3d/releases/download/v5.4.6/k3d-linux-amd64 + k3dDownloadUrl := fmt.Sprintf( + "https://github.com/k3d-io/k3d/releases/download/%s/k3d-%s-%s", + config.K3dVersion, + config.LocalOs, + config.LocalArchitecture, + ) + err = downloadFile(config.K3dPath, k3dDownloadUrl) + if err != nil { + errorChannel <- err + return + } + err = os.Chmod(config.K3dPath, 0755) + if err != nil { + errorChannel <- err + return + } + wg.Done() + }() + + go func() { + // https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-darwin-amd64 + mkCertDownloadUrl := fmt.Sprintf( + "https://github.com/FiloSottile/mkcert/releases/download/%s/mkcert-%s-%s-%s", + config.MkCertVersion, + config.MkCertVersion, + config.LocalOs, + config.LocalArchitecture, + ) + err = downloadFile(config.MkCertPath, mkCertDownloadUrl) + if err != nil { + errorChannel <- err + return + } + err = 
os.Chmod(config.MkCertPath, 0755) + if err != nil { + errorChannel <- err + return + } + wg.Done() + }() + + go func() { + wg.Wait() + close(wgDone) + }() + + select { + case <-wgDone: + log.Println("download finished") + return nil + case err = <-errorChannel: + close(errorChannel) return err } - - return nil } // DownloadTools prepare download folder, and download the required installation tools for download. The downloads From 66f095b499b69814ba30dc9e37224ce237b60b7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9ssica=20Marinho?= Date: Wed, 23 Nov 2022 10:13:50 -0300 Subject: [PATCH 17/33] feat: Add argocd ingress route (#776) Signed-off-by: Jessica Marinho - Add argocd ingress route to allow traefik use a different certificate - Fix argocd domain --- cmd/local/postrun.go | 17 ++++++++++++----- internal/argocd/argocd.go | 2 +- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/cmd/local/postrun.go b/cmd/local/postrun.go index 409f196ee..144fa6f81 100644 --- a/cmd/local/postrun.go +++ b/cmd/local/postrun.go @@ -1,16 +1,18 @@ package local import ( - "github.com/kubefirst/kubefirst/configs" - "github.com/kubefirst/kubefirst/internal/k8s" - "github.com/kubefirst/kubefirst/internal/reports" - "github.com/kubefirst/kubefirst/pkg" - "github.com/spf13/cobra" + "fmt" "log" "os" "os/signal" "sync" "syscall" + + "github.com/kubefirst/kubefirst/configs" + "github.com/kubefirst/kubefirst/internal/k8s" + "github.com/kubefirst/kubefirst/internal/reports" + "github.com/kubefirst/kubefirst/pkg" + "github.com/spf13/cobra" ) func runPostLocal(cmd *cobra.Command, args []string) error { 
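Review bot: The two download goroutines can crash or hang the installer on failure. `errorChannel` is unbuffered and is closed by the receiver after the first error, so if both downloads fail the second `errorChannel <- err` is a send on a closed channel and panics; on any error path `wg.Done()` is skipped, so the `wg.Wait()` goroutine never returns. Both goroutines also assign to the enclosing function's `err`, which is a data race. A buffered channel, `defer wg.Done()` and goroutine-local errors fix all three, as sketched below. Separately, the k3d and mkcert binaries are still made executable straight after download with no checksum comparison; since mkcert goes on to install a CA into the host trust store, verifying a pinned digest before `os.Chmod` would be worth a follow-up.

```go
	var wg sync.WaitGroup
	// Buffered to the number of workers so a failing goroutine never blocks on send.
	errorChannel := make(chan error, 2)
	wg.Add(2)

	go func() {
		defer wg.Done()
		// … unchanged: k3dDownloadUrl construction …
		if err := downloadFile(config.K3dPath, k3dDownloadUrl); err != nil {
			errorChannel <- err
			return
		}
		if err := os.Chmod(config.K3dPath, 0755); err != nil {
			errorChannel <- err
		}
	}()

	// … mkcert goroutine: same shape, using mkCertDownloadUrl and config.MkCertPath …

	wg.Wait()
	close(errorChannel)
	// Receiving from the closed channel yields nil when no worker reported an error.
	if err := <-errorChannel; err != nil {
		return err
	}
	log.Println("download finished")
	return nil
```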
@@ -78,6 +80,11 @@ func runPostLocal(cmd *cobra.Command, args []string) error { reports.LocalHandoffScreen(dryRun, silentMode) + _, _, err = pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "apply", "-f", fmt.Sprintf("%s/gitops/ingressroute.yaml", config.K1FolderPath)) + if err != nil { + log.Printf("failed to create ingress route to argocd: %s", err) + } + log.Println("Kubefirst Console available at: http://localhost:9094", silentMode) // managing termination signal from the terminal diff --git a/internal/argocd/argocd.go b/internal/argocd/argocd.go index 65fda3673..89b54d855 100644 --- a/internal/argocd/argocd.go +++ b/internal/argocd/argocd.go @@ -476,7 +476,7 @@ func GetArgoCDInitialLocalConfig(gitOpsRepo string, botPrivateKey string) Config argoCDConfig.Server.Ingress.Enabled = "true" argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoRewriteTarget = "/" argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoBackendProtocol = "HTTPS" - argoCDConfig.Server.Ingress.Hosts = []string{"argocd.localhost"} + argoCDConfig.Server.Ingress.Hosts = []string{"argocd.localdev.me"} argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect.Type = "redirect" argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect.RedirectConfig.Protocol = "HTTPS" From 116521af157d1d2a02f4a364b60dc3a5436a812d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 23 Nov 2022 10:24:53 -0300 Subject: [PATCH 18/33] chore: update argo config yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/local/local.go | 5 +++- internal/argocd/argocd.go | 21 ++++----------- internal/downloadManager/download.go | 1 - internal/ssl/ssl.go | 39 ++++++++++------------------ 4 files changed, 22 insertions(+), 44 deletions(-) 
diff --git a/cmd/local/local.go b/cmd/local/local.go index 657a27945..7be4b56b8 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go @@ -160,9 +160,12 @@ func runLocal(cmd *cobra.Command, args []string) error { progressPrinter.IncrementTracker("step-base", 1) progressPrinter.IncrementTracker("step-github", 1) - // create local certs using MKCert tool + // + // create local certs using MkCert tool + // log.Println("installing CA from MkCert") ssl.InstallCALocal(config) + log.Println("installing CA from MkCert done") log.Println("creating local certificates") if err := ssl.CreateCertificatesForLocalWrapper(config); err != nil { diff --git a/internal/argocd/argocd.go b/internal/argocd/argocd.go index 65fda3673..aaa06f3f0 100644 --- a/internal/argocd/argocd.go +++ b/internal/argocd/argocd.go @@ -45,17 +45,9 @@ type Config struct { Ingress struct { Enabled string `yaml:"enabled"` Annotations struct { - IngressKubernetesIoRewriteTarget string `yaml:"ingress.kubernetes.io/rewrite-target"` - IngressKubernetesIoBackendProtocol string `yaml:"ingress.kubernetes.io/backend-protocol"` - - IngressKubernetesIoActionsSslRedirect struct { - Type string `json:"Type"` - RedirectConfig struct { - Protocol string `json:"Protocol"` - Port string `json:"Port"` - StatusCode string `json:"StatusCode"` - } `json:"RedirectConfig"` - } `json:"ingress.kubernetes.io/actions.ssl-redirect"` + IngressKubernetesIoRewriteTarget string `yaml:"ingress.kubernetes.io/rewrite-target"` + IngressKubernetesIoBackendProtocol string `yaml:"ingress.kubernetes.io/backend-protocol"` + IngressKubernetesIoActionsSslRedirect string `json:"ingress.kubernetes.io/actions.ssl-redirect"` } `yaml:"annotations"` Hosts []string `yaml:"hosts"` TLS []TLSConfig `yaml:"tls"` 
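Review bot: In the `internal/argocd/argocd.go` hunk the flattened field `IngressKubernetesIoActionsSslRedirect` carries a `json:` struct tag while its two siblings use `yaml:`. If this struct is marshalled by an encoder that reads `yaml` tags, which the siblings suggest, the value is emitted under a default key derived from the field name rather than under `ingress.kubernetes.io/actions.ssl-redirect`, and the HTTPS redirect would not be configured. Change the tag key to match the others, `yaml:"ingress.kubernetes.io/actions.ssl-redirect"`. The struct continues outside the hunk.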
@@ -476,12 +468,9 @@ func GetArgoCDInitialLocalConfig(gitOpsRepo string, botPrivateKey string) Config argoCDConfig.Server.Ingress.Enabled = "true" argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoRewriteTarget = "/" argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoBackendProtocol = "HTTPS" - argoCDConfig.Server.Ingress.Hosts = []string{"argocd.localhost"} + argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect = `'{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'` - argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect.Type = "redirect" - argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect.RedirectConfig.Protocol = "HTTPS" - argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect.RedirectConfig.Port = "443" - argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect.RedirectConfig.StatusCode = "HTTP_301" + argoCDConfig.Server.Ingress.Hosts = []string{"argocd.localhost"} return argoCDConfig } diff --git a/internal/downloadManager/download.go b/internal/downloadManager/download.go index 1f937524b..e014f82c2 100644 --- a/internal/downloadManager/download.go +++ b/internal/downloadManager/download.go @@ -20,7 +20,6 @@ import ( ) // DownloadLocalTools - Download extra tools needed for local installations scenarios -// todo: download in parallel func DownloadLocalTools(config *configs.Config) error { toolsDirPath := fmt.Sprintf("%s/tools", config.K1FolderPath) err := createDirIfDontExist(toolsDirPath) diff --git a/internal/ssl/ssl.go b/internal/ssl/ssl.go index 3dbb91a30..0f8940893 100644 --- a/internal/ssl/ssl.go +++ b/internal/ssl/ssl.go @@ -249,6 +249,7 @@ func InstallCALocal(config *configs.Config) { } } +// todo: make destroy call it func UninstallCALocal(config *configs.Config) { _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, "-uninstall") if err != nil { 
@@ -256,26 +257,6 @@ func UninstallCALocal(config *configs.Config) { } } -//func CreateCertsLocal(config *configs.Config) { -// log.Printf("Generating certificate argo.localdev.me on %s", config.MkCertPath) -// _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, "argo.localdev.me", "-cert-file", "argo-cert.pem", "-key-file", "argo-key.pem") -// if err != nil { -// log.Printf("failed to generate Argo certificate using mkCert: %s", err) -// } -// -// log.Printf("Generating certificate argocd.localdev.me on %s", config.MkCertPath) -// _, _, err = pkg.ExecShellReturnStrings(config.MkCertPath, "argocd.localdev.me", "-cert-file", "argocd-cert.pem", "-key-file", "argocd-key.pem") -// if err != nil { -// log.Printf("failed to generate ArgoCD certificate using mkCert: %s", err) -// } -// -// log.Printf("Generating certificate vault.localdev.me on %s", config.MkCertPath) -// _, _, err = pkg.ExecShellReturnStrings(config.MkCertPath, "vault.localdev.me", "-cert-file", "vault-cert.pem", "-key-file", "vault-key.pem") -// if err != nil { -// log.Printf("failed to generate Vault certificate using mkCert: %s", err) -// } -//} - // CreateCertificatesForLocalWrapper groups a certification creation call into a wrapper. The provided application // list is used to create SSL certificates for each of the provided application. func CreateCertificatesForLocalWrapper(config *configs.Config) error { 
@@ -300,15 +281,21 @@ func CreateCertificatesForLocalWrapper(config *configs.Config) error { // the certificates, store them in files, and store the certificates in the host trusted store. func createCertificateForLocal(config *configs.Config, appName string) error { - certsFolder := config.MkCertPemFilesPath - - fullAppAddress := appName + "." + pkg.LocalDNS // example: app-name.localdev.me - certFileName := certsFolder + appName + "-cert.pem" // example: app-name-cert.pem - keyFileName := certsFolder + appName + "-key.pem" // example: app-name-key.pem + fullAppAddress := appName + "." + pkg.LocalDNS // example: app-name.localdev.me + certFileName := config.MkCertPemFilesPath + appName + "-cert.pem" // example: app-name-cert.pem + keyFileName := config.MkCertPemFilesPath + appName + "-key.pem" // example: app-name-key.pem log.Printf("generating certificate %s.localdev.me on %s", appName, config.MkCertPath) - _, _, err := pkg.ExecShellReturnStrings(config.MkCertPath, "-cert-file", certFileName, "-key-file", keyFileName, pkg.LocalDNS, fullAppAddress) + _, _, err := pkg.ExecShellReturnStrings( + config.MkCertPath, + "-cert-file", + certFileName, + "-key-file", + keyFileName, + pkg.LocalDNS, + fullAppAddress, + ) if err != nil { return fmt.Errorf("failed to generate %s SSL certificate using MkCert: %v", appName, err) } From a217da0c7d9f45bf3026d44c72751f5c519cf990 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 23 Nov 2022 12:17:26 -0300 Subject: [PATCH 19/33] chore: update tls MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- configs/config.go | 5 +++-- internal/argocd/argocd.go | 9 ++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/configs/config.go b/configs/config.go index e81fc6c87..e7b69be8f 100644 --- a/configs/config.go +++ b/configs/config.go 
@@ -121,7 +121,6 @@ func ReadConfig() *Config { config.K3dPath = fmt.Sprintf("%s/tools/k3d", config.K1FolderPath) config.CertsPath = fmt.Sprintf("%s/ssl", config.K1FolderPath) config.MkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) - config.MkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) config.MkCertPemFilesPath = fmt.Sprintf("%s/tools/certs/", config.K1FolderPath) config.NgrokVersion = "v3" config.TerraformVersion = "1.0.11" @@ -134,7 +133,9 @@ func ReadConfig() *Config { config.MkCertVersion = "v1.4.4" config.InstallerEmail = "kubefirst-bot@kubefirst.com" - config.AppListForCertificate = []string{"argocd", "argo", "vault"} + config.AppListForCertificate = []string{ + "argocd", "argo", "vault", "chartmuseum", "minio", "minio-console", "atlantis", "kubefirst-console", + } config.MetaphorTemplateURL = "https://github.com/kubefirst/metaphor-template.git" config.GitopsTemplateURL = "https://github.com/kubefirst/gitops-template-gh.git" diff --git a/internal/argocd/argocd.go b/internal/argocd/argocd.go index 32d5114cf..0cc1ecb2d 100644 --- a/internal/argocd/argocd.go +++ b/internal/argocd/argocd.go 
@@ -468,9 +468,16 @@ func GetArgoCDInitialLocalConfig(gitOpsRepo string, botPrivateKey string) Config argoCDConfig.Server.Ingress.Enabled = "true" argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoRewriteTarget = "/" argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoBackendProtocol = "HTTPS" - argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect = `'{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'` + argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoActionsSslRedirect = `{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}` argoCDConfig.Server.Ingress.Hosts = []string{"argocd.localdev.me"} + argoCDConfig.Server.Ingress.TLS = []TLSConfig{ + { + Hosts: []string{"argocd.localdev.me"}, + SecretName: "argocd-tls", + }, + } + return argoCDConfig } From 9183207e504b7a6d4d45149c4cbe6c87073475b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 23 Nov 2022 12:29:22 -0300 Subject: [PATCH 20/33] chore: wip MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- configs/config.go | 5 +++++ internal/k8s/wrappers.go | 10 ++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/configs/config.go b/configs/config.go index e7b69be8f..7edff89b1 100644 --- a/configs/config.go +++ b/configs/config.go @@ -136,6 +136,11 @@ func ReadConfig() *Config { config.AppListForCertificate = []string{ "argocd", "argo", "vault", "chartmuseum", "minio", "minio-console", "atlantis", "kubefirst-console", } + // todo: parei aqui + type AppListForCert struct { + namespace string + appName string + } config.MetaphorTemplateURL = "https://github.com/kubefirst/metaphor-template.git" config.GitopsTemplateURL = "https://github.com/kubefirst/gitops-template-gh.git" 
diff --git a/internal/k8s/wrappers.go b/internal/k8s/wrappers.go index 9ff922cf2..79839d073 100644 --- a/internal/k8s/wrappers.go +++ b/internal/k8s/wrappers.go @@ -154,10 +154,10 @@ func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config) error for _, appName := range config.AppListForCertificate { - certsFolder := config.MkCertPemFilesPath + certFileName := config.MkCertPemFilesPath + appName + "-cert.pem" // example: app-name-cert.pem + keyFileName := config.MkCertPemFilesPath + appName + "-key.pem" // example: app-name-key.pem - certFileName := certsFolder + appName + "-cert.pem" // example: app-name-cert.pem - keyFileName := certsFolder + appName + "-key.pem" // example: app-name-key.pem + log.Printf("creating TLS k8s secret for %s", appName) // open file content certContent, err := pkg.GetFileContent(certFileName) @@ -177,8 +177,10 @@ func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config) error // save content into secret err = CreateSecret(appName, appName+"-tls", data) if err != nil { - return err + log.Println(err) } + + log.Printf("creating TLS k8s secret for %s done", appName) } return nil From 7a3b7cab3025e501b720b9bd0e01dea66906917e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 23 Nov 2022 13:40:57 -0300 Subject: [PATCH 21/33] chore: update struct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- configs/config.go | 20 +++++------------- internal/k8s/wrappers.go | 12 +++++------ internal/ssl/ssl.go | 16 +++++++------- pkg/helpers.go | 45 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 64 insertions(+), 29 deletions(-) diff --git a/configs/config.go b/configs/config.go index 7edff89b1..30435491c 100644 --- a/configs/config.go +++ b/configs/config.go 
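Review bot: In the second wrappers.go hunk, replacing `return err` with `log.Println(err)` makes `CreateSecretsFromCertificatesForLocalWrapper` return nil even when no secret was stored, and the `creating TLS k8s secret for %s done` line is printed on the failure path too. If the intent is to tolerate a secret that already exists, handle only that case and keep reporting the rest, for example by collecting the errors and returning them after the loop, and move the done message into the success branch. As written, a caller cannot tell that an ingress is missing its `-tls` secret. The function starts outside the hunk.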
@@ -43,9 +43,6 @@ type Config struct { MkCertPath string MkCertPemFilesPath string - // todo: add remaining apps - AppListForCertificate []string - HostedZoneName string `env:"HOSTED_ZONE_NAME"` ClusterName string `env:"CLUSTER_NAME"` AwsRegion string `env:"AWS_REGION"` @@ -120,8 +117,6 @@ func ReadConfig() *Config { config.HelmClientPath = fmt.Sprintf("%s/tools/helm", config.K1FolderPath) config.K3dPath = fmt.Sprintf("%s/tools/k3d", config.K1FolderPath) config.CertsPath = fmt.Sprintf("%s/ssl", config.K1FolderPath) - config.MkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) - config.MkCertPemFilesPath = fmt.Sprintf("%s/tools/certs/", config.K1FolderPath) config.NgrokVersion = "v3" config.TerraformVersion = "1.0.11" config.ArgoCDChartHelmVersion = "4.10.5" @@ -130,17 +125,12 @@ func ReadConfig() *Config { config.HelmVersion = "v3.6.1" config.KubectlVersionM1 = "v1.21.14" config.K3dVersion = "v5.4.6" - config.MkCertVersion = "v1.4.4" - config.InstallerEmail = "kubefirst-bot@kubefirst.com" - config.AppListForCertificate = []string{ - "argocd", "argo", "vault", "chartmuseum", "minio", "minio-console", "atlantis", "kubefirst-console", - } - // todo: parei aqui - type AppListForCert struct { - namespace string - appName string - } + + // certificates + config.MkCertPath = fmt.Sprintf("%s/tools/mkcert", config.K1FolderPath) + config.MkCertPemFilesPath = fmt.Sprintf("%s/tools/certs/", config.K1FolderPath) + config.MkCertVersion = "v1.4.4" config.MetaphorTemplateURL = "https://github.com/kubefirst/metaphor-template.git" config.GitopsTemplateURL = "https://github.com/kubefirst/gitops-template-gh.git" diff --git a/internal/k8s/wrappers.go b/internal/k8s/wrappers.go index 79839d073..1dfcc742d 100644 --- a/internal/k8s/wrappers.go +++ b/internal/k8s/wrappers.go 
@@ -152,12 +152,12 @@ func OpenPortForwardWrapper(podName string, namespace string, podPort int, podLo func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config) error { - for _, appName := range config.AppListForCertificate { + for _, app := range pkg.GetCertificateAppList() { - certFileName := config.MkCertPemFilesPath + appName + "-cert.pem" // example: app-name-cert.pem - keyFileName := config.MkCertPemFilesPath + appName + "-key.pem" // example: app-name-key.pem + certFileName := config.MkCertPemFilesPath + app.AppName + "-cert.pem" // example: app-name-cert.pem + keyFileName := config.MkCertPemFilesPath + app.AppName + "-key.pem" // example: app-name-key.pem - log.Printf("creating TLS k8s secret for %s", appName) + log.Printf("creating TLS k8s secret for %s", app.AppName) // open file content certContent, err := pkg.GetFileContent(certFileName) @@ -175,12 +175,12 @@ func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config) error data["tls.key"] = keyContent // save content into secret - err = CreateSecret(appName, appName+"-tls", data) + err = CreateSecret(app.Namespace, app.AppName+"-tls", data) if err != nil { log.Println(err) } - log.Printf("creating TLS k8s secret for %s done", appName) + log.Printf("creating TLS k8s secret for %s done", app.AppName) } return nil diff --git a/internal/ssl/ssl.go b/internal/ssl/ssl.go index 0f8940893..1bea69b60 100644 --- a/internal/ssl/ssl.go +++ b/internal/ssl/ssl.go @@ -268,8 +268,8 @@ func CreateCertificatesForLocalWrapper(config *configs.Config) error { return err } - for _, appName := range config.AppListForCertificate { - if err := createCertificateForLocal(config, appName); err != nil { + for _, cert := range pkg.GetCertificateAppList() { + if err := createCertificateForLocal(config, cert); err != nil { return err } } 
@@ -279,13 +279,13 @@ func CreateCertificatesForLocalWrapper(config *configs.Config) error { // createCertificateForLocal issue certificates for a specific application. MkCert is the tool who is going to create // the certificates, store them in files, and store the certificates in the host trusted store. -func createCertificateForLocal(config *configs.Config, appName string) error { +func createCertificateForLocal(config *configs.Config, app pkg.CertificateAppList) error { - fullAppAddress := appName + "." + pkg.LocalDNS // example: app-name.localdev.me - certFileName := config.MkCertPemFilesPath + appName + "-cert.pem" // example: app-name-cert.pem - keyFileName := config.MkCertPemFilesPath + appName + "-key.pem" // example: app-name-key.pem + fullAppAddress := app.AppName + "." + pkg.LocalDNS // example: app-name.localdev.me + certFileName := config.MkCertPemFilesPath + app.AppName + "-cert.pem" // example: app-name-cert.pem + keyFileName := config.MkCertPemFilesPath + app.AppName + "-key.pem" // example: app-name-key.pem - log.Printf("generating certificate %s.localdev.me on %s", appName, config.MkCertPath) + log.Printf("generating certificate %s.localdev.me on %s", app.AppName, config.MkCertPath) _, _, err := pkg.ExecShellReturnStrings( config.MkCertPath, @@ -297,7 +297,7 @@ func createCertificateForLocal(config *configs.Config, appName string) error { fullAppAddress, ) if err != nil { - return fmt.Errorf("failed to generate %s SSL certificate using MkCert: %v", appName, err) + return fmt.Errorf("failed to generate %s SSL certificate using MkCert: %v", app.AppName, err) } return nil diff --git a/pkg/helpers.go b/pkg/helpers.go index 0ab1d581e..d46c7c9a1 100644 --- a/pkg/helpers.go +++ b/pkg/helpers.go 
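Review bot: The log line in the first hunk hard-codes `.localdev.me` although `fullAppAddress` was just built from `pkg.LocalDNS`, so the message goes stale if the constant changes; `log.Printf("generating certificate %s on %s", fullAppAddress, config.MkCertPath)` keeps the two in step. In the second hunk the error is formatted with `%v`, which drops the chain for `errors.Is`/`errors.As`; `%w` preserves it. The doc comment above createCertificateForLocal could also state that the file at `keyFileName` is private key material that is later loaded into a cluster secret, so readers know the certs folder needs restrictive permissions.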
@@ -670,3 +670,48 @@ func GetFileContent(filePath string) ([]byte, error) { return byteData, nil } + +type CertificateAppList struct { + Namespace string + AppName string +} + +func GetCertificateAppList() []CertificateAppList { + + certificateAppList := []CertificateAppList{ + { + Namespace: "argo", + AppName: "argo", + }, + { + Namespace: "argocd", + AppName: "argocd", + }, + { + Namespace: "atlantis", + AppName: "atlantis", + }, + { + Namespace: "chartmuseum", + AppName: "chartmuseum", + }, + { + Namespace: "vault", + AppName: "vault", + }, + { + Namespace: "minio", + AppName: "minio", + }, + { + Namespace: "minio", + AppName: "minio-console", + }, + { + Namespace: "kubefirst", + AppName: "kubefirst-console", + }, + } + + return certificateAppList +} From ee6cf22b2f2e2b051cfabb85f3524fd998ae5296 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 23 Nov 2022 14:23:49 -0300 Subject: [PATCH 22/33] chore: fix typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- internal/argocd/argocd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/argocd/argocd.go b/internal/argocd/argocd.go index 0cc1ecb2d..d810f8b46 100644 --- a/internal/argocd/argocd.go +++ b/internal/argocd/argocd.go @@ -47,7 +47,7 @@ type Config struct { Annotations struct { IngressKubernetesIoRewriteTarget string `yaml:"ingress.kubernetes.io/rewrite-target"` IngressKubernetesIoBackendProtocol string `yaml:"ingress.kubernetes.io/backend-protocol"` - IngressKubernetesIoActionsSslRedirect string `json:"ingress.kubernetes.io/actions.ssl-redirect"` + IngressKubernetesIoActionsSslRedirect string `yaml:"ingress.kubernetes.io/actions.ssl-redirect"` } `yaml:"annotations"` Hosts []string `yaml:"hosts"` TLS []TLSConfig `yaml:"tls"` From 05f8b123268bc9422b32b7e8941567057338d755 Mon Sep 17 00:00:00 2001 
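Review bot: `CertificateAppList` and `GetCertificateAppList` are exported without doc comments, and the struct name says "list" while one value describes a single application. I would add `// CertificateAppList describes one local application that gets an mkcert certificate: Namespace is where its TLS secret is created, AppName is the prefix of its host name, PEM file names and "<AppName>-tls" secret.` and `// GetCertificateAppList returns the applications that receive a local certificate and TLS secret.` The same eight names are repeated by hand in internal/ssl/ssl_test.go, so that test could range over this function instead of keeping a second copy.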
From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 23 Nov 2022 14:46:41 -0300 Subject: [PATCH 23/33] feat: add integration test for TLS on localdev.me MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- Taskfile.yaml | 3 ++ internal/ssl/ssl_test.go | 69 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 internal/ssl/ssl_test.go diff --git a/Taskfile.yaml b/Taskfile.yaml index b76b8f0fa..cf58e0df5 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -22,3 +22,6 @@ tasks: - go test -v -run TestIsEKSDestroyedIntegration ./internal/aws || echo $? - go run . clean --destroy-buckets --destroy-confirm || echo $? - aws s3 sync $HOME/kubefirst/logs s3://$CICD_LOGS_BUCKET + integration-test-for-tls-localdev: + # GOFLAGS="-count=1" disable cache on tests + - GOFLAGS="-count=1" go test -v -run TestArgoCertificateIntegration ./internal/ssl diff --git a/internal/ssl/ssl_test.go b/internal/ssl/ssl_test.go new file mode 100644 index 000000000..bc42eb140 --- /dev/null +++ b/internal/ssl/ssl_test.go 
@@ -0,0 +1,69 @@ +package ssl + +import ( + "crypto/tls" + "testing" +) + +// todo: use URL constants for app addresses +func TestArgoCertificateIntegration(t *testing.T) { + if testing.Short() { + t.Skip("skipping integration test") + } + + const SSLPort = ":443" + + tests := []struct { + name string + address string + }{ + { + name: "argo", + address: "argo.localdev.me", + }, + { + name: "argocd", + address: "argocd.localdev.me", + }, + { + name: "atlantis", + address: "atlantis.localdev.me", + }, + { + name: "chartmuseum", + address: "chartmuseum.localdev.me", + }, + { + name: "vault", + address: "vault.localdev.me", + }, + { + name: "minio", + address: "minio.localdev.me", + }, + { + name: "minio-console", + address: "minio-console.localdev.me", + }, + { + name: "kubefirst", + address: "kubefirst-console.localdev.me", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + conn, err := tls.Dial("tcp", tt.address+SSLPort, nil) + if err != nil { + t.Logf("testing %s , address %s", tt.name, tt.address) + t.Error(err) + return + } + err = conn.VerifyHostname(tt.address) + if err != nil { + t.Error(err) + } + }) + } + +} From 2d2350e5dfa73b4fd4caf4248ecf10731b4aa121 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Paulo=20Vanzuita?= Date: Thu, 24 Nov 2022 09:20:35 -0300 Subject: [PATCH 24/33] feat: remove port forwards (except atlantis), use ingress (#777) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: remove port forwards (except atlantis), use ingress * feat: disable port forwards for local destroy * chore: update gitops branch for local 
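Review bot: The connection returned by `tls.Dial` is never closed and the dial has no timeout, so an unreachable ingress can hold a subtest until the OS connect timeout expires. Add `defer conn.Close()` after the error check and dial with `tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", tt.address+SSLPort, nil)`, which needs the `net` and `time` imports. With a nil config the handshake already verifies the chain and the host name against the system roots, so `conn.VerifyHostname` is a redundant second check; a comment saying the test depends on the mkcert CA being installed in the host trust store would make that dependency explicit. The last case is named `kubefirst` but dials `kubefirst-console.localdev.me`.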
Signed-off-by: João Vanzuita --- cmd/destroyLocalGithub.go | 27 +------------ cmd/local/local.go | 53 +------------------------ cmd/local/postrun.go | 78 ++++++++++++++++++------------------- internal/k8s/kubernetes.go | 3 +- internal/k8s/wrappers.go | 2 +- internal/reports/section.go | 14 +++---- pkg/constants.go | 24 +++++++++--- pkg/helpers.go | 12 +++--- pkg/ngrok.go | 17 ++++++-- 9 files changed, 88 insertions(+), 142 deletions(-) diff --git a/cmd/destroyLocalGithub.go b/cmd/destroyLocalGithub.go index f246dcd1b..d2950bc99 100644 --- a/cmd/destroyLocalGithub.go +++ b/cmd/destroyLocalGithub.go @@ -81,7 +81,6 @@ var destroyLocalGithubCmd = &cobra.Command{ log.Println("\nKUBEFIRST_GITHUB_AUTH_TOKEN set via OAuth") } - // todo: temporary code err = pkg.UpdateTerraformS3BackendForLocalhostAddress() if err != nil { return err @@ -92,33 +91,9 @@ var destroyLocalGithubCmd = &cobra.Command{ //* step 1.1 - open port-forward to state store and vault // todo --skip-git-terraform - // Vault port-forward - vaultStopChannel := make(chan struct{}, 1) - defer func() { - close(vaultStopChannel) - }() - k8s.OpenPortForwardWrapper( - pkg.VaultPodName, - pkg.VaultNamespace, - pkg.VaultPodPort, - pkg.VaultPodLocalPort, - vaultStopChannel, - ) - k8s.LoopUntilPodIsReady(globalFlags.DryRun) - minioStopChannel := make(chan struct{}, 1) - defer func() { - close(minioStopChannel) - }() - k8s.OpenPortForwardWrapper( - pkg.MinioPodName, - pkg.MinioNamespace, - pkg.MinioPodPort, - pkg.MinioPodLocalPort, - minioStopChannel, - ) - + // todo: remove it time.Sleep(20 * time.Second) //* step 1.3 - terraform destroy github diff --git a/cmd/local/local.go b/cmd/local/local.go index 7be4b56b8..64f0e2cee 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go 
@@ -239,20 +239,6 @@ func runLocal(cmd *cobra.Command, args []string) error { log.Println("already waited for argocd to be ready") } - // ArgoCD port-forward - argoCDStopChannel := make(chan struct{}, 1) - defer func() { - close(argoCDStopChannel) - }() - k8s.OpenPortForwardWrapper( - pkg.ArgoCDPodName, - pkg.ArgoCDNamespace, - pkg.ArgoCDPodPort, - pkg.ArgoCDPodLocalPort, - argoCDStopChannel, - ) - pkg.InformUser(fmt.Sprintf("port-forward to argocd is available at %s", viper.GetString("argocd.local.service")), silentMode) - // argocd pods are ready, get and set credentials executionControl = viper.GetBool("argocd.credentials.set") if !executionControl { @@ -288,33 +274,8 @@ func runLocal(cmd *cobra.Command, args []string) error { vault.WaitVaultToBeRunning(dryRun) } - // Vault port-forward - vaultStopChannel := make(chan struct{}, 1) - defer func() { - close(vaultStopChannel) - }() - k8s.OpenPortForwardWrapper( - pkg.VaultPodName, - pkg.VaultNamespace, - pkg.VaultPodPort, - pkg.VaultPodLocalPort, - vaultStopChannel, - ) - k8s.LoopUntilPodIsReady(dryRun) - minioStopChannel := make(chan struct{}, 1) - defer func() { - close(minioStopChannel) - }() - k8s.OpenPortForwardWrapper( - pkg.MinioPodName, - pkg.MinioNamespace, - pkg.MinioPodPort, - pkg.MinioPodLocalPort, - minioStopChannel, - ) - // todo: can I remove it? time.Sleep(20 * time.Second) 
@@ -372,20 +333,8 @@ func runLocal(cmd *cobra.Command, args []string) error { progressPrinter.IncrementTracker("step-apps", 1) if !viper.GetBool("chartmuseum.host.resolved") { - // Chartmuseum port-forward - chartmuseumStopChannel := make(chan struct{}, 1) - defer func() { - close(chartmuseumStopChannel) - }() - k8s.OpenPortForwardWrapper( - pkg.ChartmuseumPodName, - pkg.ChartmuseumNamespace, - pkg.ChartmuseumPodPort, - pkg.ChartmuseumPodLocalPort, - chartmuseumStopChannel, - ) - pkg.AwaitHostNTimes("http://localhost:8181/health", 5, 5) + pkg.AwaitHostNTimes(pkg.ChartmuseumLocalURL+"/health", 5, 5) viper.Set("chartmuseum.host.resolved", true) viper.WriteConfig() } else { diff --git a/cmd/local/postrun.go b/cmd/local/postrun.go index 144fa6f81..7a35baa59 100644 --- a/cmd/local/postrun.go +++ b/cmd/local/postrun.go 
@@ -22,54 +22,54 @@ func runPostLocal(cmd *cobra.Command, args []string) error { return nil } - // every port forward has its own closing control. when a channel is closed, the port forward is close. - vaultStopChannel := make(chan struct{}, 1) - argoStopChannel := make(chan struct{}, 1) - argoCDStopChannel := make(chan struct{}, 1) - chartmuseumStopChannel := make(chan struct{}, 1) - minioStopChannel := make(chan struct{}, 1) - minioConsoleStopChannel := make(chan struct{}, 1) - kubefirstConsoleStopChannel := make(chan struct{}, 1) - AtlantisStopChannel := make(chan struct{}, 1) - - // guarantee it will close the port forwards even on a process kill - defer func() { - close(vaultStopChannel) - close(argoStopChannel) - close(argoCDStopChannel) - close(chartmuseumStopChannel) - close(minioStopChannel) - close(minioConsoleStopChannel) - close(kubefirstConsoleStopChannel) - close(AtlantisStopChannel) - log.Println("leaving port-forward command, port forwards are now closed") - }() - - err := k8s.OpenPortForwardForLocal( - vaultStopChannel, - argoStopChannel, - argoCDStopChannel, - chartmuseumStopChannel, - minioStopChannel, - minioConsoleStopChannel, - kubefirstConsoleStopChannel, - AtlantisStopChannel, - ) - if err != nil { - return err - } + //// every port forward has its own closing control. when a channel is closed, the port forward is close. 
+ //vaultStopChannel := make(chan struct{}, 1) + //argoStopChannel := make(chan struct{}, 1) + //argoCDStopChannel := make(chan struct{}, 1) + //chartmuseumStopChannel := make(chan struct{}, 1) + //minioStopChannel := make(chan struct{}, 1) + //minioConsoleStopChannel := make(chan struct{}, 1) + //kubefirstConsoleStopChannel := make(chan struct{}, 1) + //AtlantisStopChannel := make(chan struct{}, 1) + // + //// guarantee it will close the port forwards even on a process kill + //defer func() { + // close(vaultStopChannel) + // close(argoStopChannel) + // close(argoCDStopChannel) + // close(chartmuseumStopChannel) + // close(minioStopChannel) + // close(minioConsoleStopChannel) + // close(kubefirstConsoleStopChannel) + // close(AtlantisStopChannel) + // log.Println("leaving port-forward command, port forwards are now closed") + //}() + // + //err := k8s.OpenPortForwardForLocal( + // vaultStopChannel, + // argoStopChannel, + // argoCDStopChannel, + // chartmuseumStopChannel, + // minioStopChannel, + // minioConsoleStopChannel, + // kubefirstConsoleStopChannel, + // AtlantisStopChannel, + //) + //if err != nil { + // return err + //} config := configs.ReadConfig() log.Println("storing certificates into application secrets namespace") - if err = k8s.CreateSecretsFromCertificatesForLocalWrapper(config); err != nil { + if err := k8s.CreateSecretsFromCertificatesForLocalWrapper(config); err != nil { log.Println(err) } log.Println("storing certificates into application secrets namespace done") log.Println("Starting the presentation of console and api for the handoff screen") - err = pkg.IsConsoleUIAvailable(pkg.KubefirstConsoleLocalURL) + err := pkg.IsConsoleUIAvailable(pkg.KubefirstConsoleLocalURL) if err != nil { log.Println(err) } 
@@ -85,7 +85,7 @@ func runPostLocal(cmd *cobra.Command, args []string) error { log.Printf("failed to create ingress route to argocd: %s", err) } - log.Println("Kubefirst Console available at: http://localhost:9094", silentMode) + log.Printf("Kubefirst Console available at: %s", pkg.KubefirstConsoleLocalURL) // managing termination signal from the terminal sigs := make(chan os.Signal, 1) diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index 1860f46f0..057184459 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go @@ -386,7 +386,8 @@ func LoopUntilPodIsReady(dryRun bool) { if len(token) == 0 { totalAttempts := 50 - url := "http://localhost:8200/v1/sys/health" + //url := "http://localhost:8200/v1/sys/health" + url := pkg.VaultLocalURL + "/v1/sys/health" for i := 0; i < totalAttempts; i++ { log.Printf("vault is not ready yet, sleeping and checking again, attempt (%d/%d)", i+1, totalAttempts) time.Sleep(10 * time.Second) diff --git a/internal/k8s/wrappers.go b/internal/k8s/wrappers.go index 1dfcc742d..fbede2974 100644 --- a/internal/k8s/wrappers.go +++ b/internal/k8s/wrappers.go @@ -157,7 +157,7 @@ func CreateSecretsFromCertificatesForLocalWrapper(config *configs.Config) error certFileName := config.MkCertPemFilesPath + app.AppName + "-cert.pem" // example: app-name-cert.pem keyFileName := config.MkCertPemFilesPath + app.AppName + "-key.pem" // example: app-name-key.pem - log.Printf("creating TLS k8s secret for %s", app.AppName) + log.Printf("creating TLS k8s secret for %s...", app.AppName) // open file content certContent, err := pkg.GetFileContent(certFileName) diff --git a/internal/reports/section.go b/internal/reports/section.go index a4f08efb9..9a8e7fa2c 100644 --- a/internal/reports/section.go +++ b/internal/reports/section.go 
@@ -43,7 +43,7 @@ func PrintSectionOverview() []byte { handOffData.WriteString(strings.Repeat("-", 70)) handOffData.WriteString(fmt.Sprintf("\nCluster %q is up and running!:", viper.GetString("cluster-name"))) handOffData.WriteString("\nThis information is available at $HOME/.kubefirst ") - handOffData.WriteString("\n\nAccess the kubefirst-console from your browser at:\n http://localhost:9094\n") + handOffData.WriteString("\n\nAccess the kubefirst-console from your browser at:\n" + pkg.KubefirstConsoleLocalURLTLS + "\n") handOffData.WriteString("\nPress ESC to leave this screen and return to your shell.") return handOffData.Bytes() @@ -63,7 +63,7 @@ func PrintSectionVault() []byte { var vaultURL string if viper.GetString("cloud") == pkg.CloudK3d { - vaultURL = "http://localhost:8200" + vaultURL = pkg.VaultLocalURLTLS } else { vaultURL = fmt.Sprintf("https://vault.%s", viper.GetString("aws.hostedzonename")) } @@ -80,7 +80,7 @@ func PrintSectionArgoCD() []byte { var argoCdURL string if viper.GetString("cloud") == pkg.CloudK3d { - argoCdURL = "http://localhost:8080" + argoCdURL = pkg.ArgoCDLocalURLTLS } else { argoCdURL = fmt.Sprintf("https://argocd.%s", viper.GetString("aws.hostedzonename")) } @@ -99,7 +99,7 @@ func PrintSectionArgoWorkflows() []byte { var argoWorkflowsURL string if viper.GetString("cloud") == pkg.CloudK3d { - argoWorkflowsURL = "http://localhost:2746" + argoWorkflowsURL = pkg.ArgoLocalURLTLS } else { argoWorkflowsURL = fmt.Sprintf("https://argo.%s", viper.GetString("aws.hostedzonename")) } @@ -123,7 +123,7 @@ func PrintSectionAtlantis() []byte { var atlantisUrl string if viper.GetString("cloud") == pkg.CloudK3d { - atlantisUrl = "http://localhost:4141" + atlantisUrl = pkg.AtlantisLocalURLTLS } else { atlantisUrl = fmt.Sprintf("https://atlantis.%s", viper.GetString("aws.hostedzonename")) } 
@@ -140,7 +140,7 @@ func PrintSectionMuseum() []byte { var chartmuseumURL string if viper.GetString("cloud") == pkg.CloudK3d { - chartmuseumURL = "http://localhost:8181" + chartmuseumURL = pkg.ChartmuseumLocalURLTLS } else { chartmuseumURL = fmt.Sprintf("https://chartmuseum.%s", viper.GetString("aws.hostedzonename")) } @@ -247,7 +247,7 @@ func HandoffScreen(dryRun bool, silentMode bool) { } -// HandoffScreen - prints the handoff screen +// LocalHandoffScreen prints the handoff screen func LocalHandoffScreen(dryRun bool, silentMode bool) { // prepare data for the handoff report if dryRun { diff --git a/pkg/constants.go b/pkg/constants.go index d2847ce5d..d3452ffce 100644 --- a/pkg/constants.go +++ b/pkg/constants.go @@ -38,7 +38,8 @@ const ( VaultNamespace = "vault" VaultPodPort = 8200 VaultPodLocalPort = 8200 - VaultLocalURL = "http://localhost:8200" + VaultLocalURL = "http://vault.localdev.me" + VaultLocalURLTLS = "https://vault.localdev.me" ) // Argo @@ -48,6 +49,7 @@ const ( ArgoPodPort = 2746 ArgoPodLocalPort = 2746 ArgoLocalURL = "http://localhost:2746" + ArgoLocalURLTLS = "https://argo.localdev.me" ) // ArgoCD @@ -56,7 +58,9 @@ const ( ArgoCDNamespace = "argocd" ArgoCDPodPort = 8080 ArgoCDPodLocalPort = 8080 - ArgoCDLocalURL = "http://localhost:8080" + //ArgoCDLocalURL = "http://localhost:8080" + ArgoCDLocalURL = "http://argocd.localdev.me" + ArgoCDLocalURLTLS = "https://argocd.localdev.me" ArgoCDLocalBaseURL = "https://localhost:8080/api/v1" ) @@ -66,7 +70,9 @@ const ( ChartmuseumNamespace = "chartmuseum" ChartmuseumPodPort = 8080 ChartmuseumPodLocalPort = 8181 - ChartmuseumLocalURL = "http://localhost:8181" + //ChartmuseumLocalURL = "http://localhost:8181" + ChartmuseumLocalURL = "http://chartmuseum.localdev.me" + ChartmuseumLocalURLTLS = "https://chartmuseum.localdev.me" ) // Minio 
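Review bot: In pkg/constants.go, `ArgoLocalURL` (`http://localhost:2746`) and `ArgoCDLocalBaseURL` (`https://localhost:8080/api/v1`) stay on localhost although this commit removes the ArgoCD port-forward in cmd/local/local.go and comments out the rest in cmd/local/postrun.go, so any caller still using them will presumably fail to connect. The constants that code paths in this patch use (`VaultLocalURL`, `ChartmuseumLocalURL`, `KubefirstConsoleLocalURL`) are the `http://` ones, while the new `...TLS` variants appear only in the handoff report; the Vault health poll in LoopUntilPodIsReady therefore runs over plain HTTP. `MinioConsoleURLTLS = "https://localhost:9001"` in the following hunks is also inconsistent with the other `...TLS` values. I would delete the commented-out old values and move callers to the `...TLS` constants once the mkcert CA is trusted.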
@@ -75,7 +81,9 @@ const ( MinioNamespace = "minio" MinioPodPort = 9000 MinioPodLocalPort = 9000 - MinioURL = "http://localhost:9000" + //MinioURL = "http://localhost:9000" + MinioURL = "http://minio.localdev.me" + MinioURLTLS = "https://minio.localdev.me" ) // Minio Console @@ -85,6 +93,7 @@ const ( MinioConsolePodPort = 9001 MinioConsolePodLocalPort = 9001 MinioConsoleURL = "http://localhost:9001" + MinioConsoleURLTLS = "https://localhost:9001" ) // Kubefirst Console @@ -93,7 +102,8 @@ const ( KubefirstConsoleNamespace = "kubefirst" KubefirstConsolePodPort = 80 KubefirstConsolePodLocalPort = 9094 - KubefirstConsoleLocalURL = "http://localhost:9094" + KubefirstConsoleLocalURL = "http://kubefirst-console.localdev.me" + KubefirstConsoleLocalURLTLS = "https://kubefirst-console.localdev.me" ) // Atlantis @@ -102,6 +112,8 @@ const ( AtlantisNamespace = "atlantis" AtlantisPodPort = 4141 AtlantisPodLocalPort = 4141 - AtlantisLocalURL = "http://localhost:4141" + AtlantisLocalURL = "http://atlantis.localdev.me" + AtlantisLocalURLTLS = "https://atlantis.localdev.me" LocalAtlantisURL = "localhost:4141" // todo: + //LocalAtlantisURL = "atlantis.localdev.me" // todo: ) diff --git a/pkg/helpers.go b/pkg/helpers.go index d46c7c9a1..2dc86dc2d 100644 --- a/pkg/helpers.go +++ b/pkg/helpers.go @@ -509,7 +509,7 @@ func UpdateTerraformS3BackendForK8sAddress() error { vaultMainFile := fmt.Sprintf("%s/gitops/terraform/vault/main.tf", config.K1FolderPath) if err := replaceFileContent( vaultMainFile, - "http://127.0.0.1:9000", + MinioURL, "http://minio.minio.svc.cluster.local:9000", ); err != nil { return err @@ -520,7 +520,7 @@ func UpdateTerraformS3BackendForK8sAddress() error { fullPathKubefirstGitHubFile := fmt.Sprintf("%s/gitops/terraform/users/kubefirst-github.tf", config.K1FolderPath) if err := replaceFileContent( fullPathKubefirstGitHubFile, - "http://127.0.0.1:9000", + MinioURL, "http://minio.minio.svc.cluster.local:9000", ); err != nil { return err 
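Review bot: In pkg/helpers.go the Terraform S3 backend endpoint written into the `.tf` files is now `MinioURL`, i.e. `http://minio.localdev.me`, so state traffic goes through the ingress in clear text even though `MinioURLTLS` is added in the same commit; Terraform state commonly holds secrets. The same replacement is made in the four hunks of this file that follow. `UpdateTerraformS3BackendForK8sAddress` now searches for `MinioURL` instead of `http://127.0.0.1:9000`, so a checkout whose files still carry the old address is left unchanged without any signal, assuming `replaceFileContent` does not error on zero matches. `UpdateTerraformS3BackendForLocalhostAddress` no longer writes a localhost address, so its name and doc comment should be updated. Both functions start outside the hunks.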
@@ -530,7 +530,7 @@ func UpdateTerraformS3BackendForK8sAddress() error { fullPathRemoteBackendFile := fmt.Sprintf("%s/gitops/terraform/github/remote-backend.tf", config.K1FolderPath) if err := replaceFileContent( fullPathRemoteBackendFile, - "http://127.0.0.1:9000", + MinioURL, "http://minio.minio.svc.cluster.local:9000", ); err != nil { return err @@ -551,7 +551,7 @@ func UpdateTerraformS3BackendForLocalhostAddress() error { if err := replaceFileContent( vaultMainFile, "http://minio.minio.svc.cluster.local:9000", - "http://127.0.0.1:9000", + MinioURL, ); err != nil { return err } @@ -562,7 +562,7 @@ func UpdateTerraformS3BackendForLocalhostAddress() error { if err := replaceFileContent( fullPathKubefirstGitHubFile, "http://minio.minio.svc.cluster.local:9000", - "http://127.0.0.1:9000", + MinioURL, ); err != nil { return err } @@ -572,7 +572,7 @@ func UpdateTerraformS3BackendForLocalhostAddress() error { if err := replaceFileContent( fullPathRemoteBackendFile, "http://minio.minio.svc.cluster.local:9000", - "http://127.0.0.1:9000", + MinioURL, ); err != nil { return err } diff --git a/pkg/ngrok.go b/pkg/ngrok.go index e85bac806..4108a6afa 100644 --- a/pkg/ngrok.go +++ b/pkg/ngrok.go @@ -3,17 +3,25 @@ package pkg import ( "context" "fmt" - "io" - "log" - "net" - "github.com/ngrok/ngrok-go" "github.com/ngrok/ngrok-go/config" "github.com/spf13/viper" "golang.org/x/sync/errgroup" + "io" + "log" + "net" ) func RunNgrok(ctx context.Context, dest string) { + + // todo: use it when atlantis port forward missing port in address issued is fixed + //atlantisURL, err := url.Parse(dest) + //if err != nil { + // log.Println(err) + //} + // + //dest = atlantisURL.Host + ":80" + tunnel, err := ngrok.StartTunnel(ctx, config.HTTPEndpoint(), ngrok.WithAuthtokenFromEnv()) if err != nil { log.Println(err) 
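Review bot: In pkg/ngrok.go the import block now lists the standard-library packages `io`, `log` and `net` after the third-party ones in a single group, which goimports would regroup; keep the stdlib imports first, then a blank line, then third-party. The commented-out `url.Parse` block at the top of RunNgrok is dead code; a one-line `// TODO:` that names the Atlantis port issue it is waiting on would carry the same information. The function body continues outside the hunk.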
@@ -32,6 +40,7 @@ func RunNgrok(ctx context.Context, dest string) { log.Println("accepted connection from", conn.RemoteAddr()) go func() { + err := handleConn(ctx, dest, conn) log.Println("connection closed:", err) }() From e3d672fc747e957f02b812c4701f6efefa3d0c63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Thu, 24 Nov 2022 09:28:46 -0300 Subject: [PATCH 25/33] chore: clean up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/dev.go | 103 ------------------ cmd/local/postrun.go | 37 ------- cmd/root.go | 2 - internal/k8s/kubernetes.go | 207 ------------------------------------- 4 files changed, 349 deletions(-) delete mode 100644 cmd/dev.go diff --git a/cmd/dev.go b/cmd/dev.go deleted file mode 100644 index c67a328df..000000000 --- a/cmd/dev.go +++ /dev/null 
@@ -1,103 +0,0 @@ -package cmd - -import ( - "github.com/kubefirst/kubefirst/configs" - "github.com/kubefirst/kubefirst/internal/k8s" - "github.com/kubefirst/kubefirst/internal/ssl" - "github.com/spf13/cobra" - "log" -) - -func NewDevCommand() *cobra.Command { - devCommand := &cobra.Command{ - Use: "dev", - Short: "", - RunE: runDev, - } - return devCommand -} - -func runDev(cmd *cobra.Command, args []string) error { - - config := configs.ReadConfig() - - // create local certs using MKCert tool - log.Println("Installing CA from MkCert") - ssl.InstallCALocal(config) - log.Println("creating local certs using MkCert") - //ssl.CreateCertsLocal(config) - err := ssl.CreateCertificatesForLocalWrapper(config) - if err != nil { - return err - } - log.Println("creating local certificates done") - - log.Println("storing certificates into application secrets namespace") - if err := k8s.CreateSecretsFromCertificatesForLocalWrapper(config); err != nil { - log.Println(err) - } - //log.Println("storing certificates into application secrets namespace done") - - //argoCDConfig := argocd.Config{} - //// Repo config - //gitOpsRepo := fmt.Sprintf("git@%s:%s/gitops.git", viper.GetString("github.host"), viper.GetString("github.owner")) - // - //argoCDConfig.Configs.Repositories.RepoGitops.URL = gitOpsRepo - //argoCDConfig.Configs.Repositories.RepoGitops.Type = "git" - //argoCDConfig.Configs.Repositories.RepoGitops.Name = "github-gitops" - // - //// Credentials - //argoCDConfig.Configs.CredentialTemplates.SSHCreds.URL = gitOpsRepo - //argoCDConfig.Configs.CredentialTemplates.SSHCreds.SSHPrivateKey = viper.GetString("botprivatekey") - // - //// Ingress - //argoCDConfig.Server.ExtraArgs = []string{"--insecure"} - //argoCDConfig.Server.Ingress.Enabled = "true" - //argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoRewriteTarget = "/" - //argoCDConfig.Server.Ingress.Annotations.IngressKubernetesIoBackendProtocol = "HTTPS" - //argoCDConfig.Server.Ingress.Hosts = 
[]string{"argocd.localhost"} - // - //argoCDConfig.Server.Ingress.TLS = append(argoCDConfig.Server.Ingress.TLS, argocd.TLSConfig{Hosts: []string{"argocd.localhost"}, SecretName: "argocd-secret"}) - // - //config := configs.ReadConfig() - //err := argocd.CreateInitialArgoCDRepository(config, argoCDConfig) - //if err != nil { - // return err - //} - - //// todo: add Thiago's path - //privKey, err := pkg.GetFileContent("./cert.pem") - //if err != nil { - // return err - //} - //// todo: add Thiago's path - //pubKey, err := pkg.GetFileContent("./key.pem") - //if err != nil { - // return err - //} - // - //data := map[string][]byte{ - // "privKey": privKey, - // "pubKey": pubKey, - //} - // - //err = k8s.CreateSecret("vault", "vault-tls", data) - //if err != nil { - // return err - //} - - //err := k8s.IngressCreate("vault", "vault", 8200) - //if err != nil { - // return err - //} - //err := k8s.IngressDelete("vault", "vault") - //if err != nil { - // return err - //} - //err := k8s.IngressAddRule("default", "k3d-ingress-rules", "vault", 8200) - //if err != nil { - // return err - //} - - return nil -} diff --git a/cmd/local/postrun.go b/cmd/local/postrun.go index 7a35baa59..2ccc9ccc7 100644 --- a/cmd/local/postrun.go +++ b/cmd/local/postrun.go 
@@ -22,43 +22,6 @@ func runPostLocal(cmd *cobra.Command, args []string) error { return nil } - //// every port forward has its own closing control. when a channel is closed, the port forward is close. - //vaultStopChannel := make(chan struct{}, 1) - //argoStopChannel := make(chan struct{}, 1) - //argoCDStopChannel := make(chan struct{}, 1) - //chartmuseumStopChannel := make(chan struct{}, 1) - //minioStopChannel := make(chan struct{}, 1) - //minioConsoleStopChannel := make(chan struct{}, 1) - //kubefirstConsoleStopChannel := make(chan struct{}, 1) - //AtlantisStopChannel := make(chan struct{}, 1) - // - //// guarantee it will close the port forwards even on a process kill - //defer func() { - // close(vaultStopChannel) - // close(argoStopChannel) - // close(argoCDStopChannel) - // close(chartmuseumStopChannel) - // close(minioStopChannel) - // close(minioConsoleStopChannel) - // close(kubefirstConsoleStopChannel) - // close(AtlantisStopChannel) - // log.Println("leaving port-forward command, port forwards are now closed") - //}() - // - //err := k8s.OpenPortForwardForLocal( - // vaultStopChannel, - // argoStopChannel, - // argoCDStopChannel, - // chartmuseumStopChannel, - // minioStopChannel, - // minioConsoleStopChannel, - // kubefirstConsoleStopChannel, - // AtlantisStopChannel, - //) - //if err != nil { - // return err - //} - config := configs.ReadConfig() log.Println("storing certificates into application secrets namespace") diff --git a/cmd/root.go b/cmd/root.go index 4f60b3e70..cdc88133b 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -43,6 +43,4 @@ func Execute() { func init() { cobra.OnInitialize() rootCmd.AddCommand(local.NewCommand()) - // todo: remove me before merging - rootCmd.AddCommand(NewDevCommand()) } diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index 057184459..18cd0df6b 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go 
@@ -7,7 +7,6 @@ import ( "fmt" "io" v1 "k8s.io/api/core/v1" - networking "k8s.io/api/networking/v1" "log" "net/http" "os" @@ -386,7 +385,6 @@ func LoopUntilPodIsReady(dryRun bool) { if len(token) == 0 { totalAttempts := 50 - //url := "http://localhost:8200/v1/sys/health" url := pkg.VaultLocalURL + "/v1/sys/health" for i := 0; i < totalAttempts; i++ { log.Printf("vault is not ready yet, sleeping and checking again, attempt (%d/%d)", i+1, totalAttempts) 
@@ -463,211 +461,6 @@ func SetArgocdCreds(dryRun bool) { viper.WriteConfig() } -// IngressCreate creates a Ingress object based on the provided parameters. -// -// Example: -// -// err := k8s.IngressCreate("default", "simple-go-api", 7001) -func IngressCreate(namespace string, serviceName string, port int32) error { - - // todo: method - clientset, err := GetClientSet(false) - if err != nil { - return err - } - - pathPrefix := networking.PathTypePrefix - - ingressConfig := networking.Ingress{ - TypeMeta: metaV1.TypeMeta{ - Kind: "Ingress", - }, - ObjectMeta: metaV1.ObjectMeta{ - Name: namespace, - Annotations: map[string]string{"ingress.kubernetes.io/ssl-redirect": "false"}, - }, - Spec: networking.IngressSpec{ - Rules: []networking.IngressRule{{ - Host: "vault.localhost", - IngressRuleValue: networking.IngressRuleValue{ - HTTP: &networking.HTTPIngressRuleValue{ - Paths: []networking.HTTPIngressPath{{ - Path: "/", - PathType: &pathPrefix, - Backend: networking.IngressBackend{ - Service: &networking.IngressServiceBackend{ - Name: serviceName, - Port: networking.ServiceBackendPort{ - Number: port, - }, - }, - }, - }}, - }, - }, - }}, - }, - } - - ingressObject, err := clientset.NetworkingV1().Ingresses(namespace).Create( - context.Background(), - &ingressConfig, - metaV1.CreateOptions{}, - ) - if err != nil { - return err - } - - log.Println(ingressObject.Status.String()) - - return nil -} - -// IngressDelete receives namespace and name to delete a Ingress object. 
-// -// Example: -// -// err := k8s.IngressDelete("default", "simple-go-api") -func IngressDelete(namespace string, name string) error { - - // todo: method - clientset, err := GetClientSet(false) - if err != nil { - return err - } - - err = clientset.NetworkingV1().Ingresses(namespace).Delete( - context.Background(), - name, - metaV1.DeleteOptions{ - TypeMeta: metaV1.TypeMeta{ - Kind: "Ingress", - }, - }, - ) - if err != nil { - return err - } - - log.Println("Ingress object deleted") - - return nil -} - -// todo: maybe not necessary / clean up before merging -//func IngressAddRule(namespace string, ingressName string, serviceName string, port int32) error { -// -// // todo: method -// clientset, err := GetClientSet(false) -// if err != nil { -// return err -// } -// -// l, err := clientset.NetworkingV1().Ingresses(namespace).List( -// context.Background(), -// metaV1.ListOptions{ -// TypeMeta: metaV1.TypeMeta{ -// Kind: "Ingress", -// }, -// }, -// ) -// if err != nil { -// return err -// } -// -// pathPrefix := networking.PathTypePrefix -// //ingressConfig := networking.Ingress{ -// // TypeMeta: metaV1.TypeMeta{ -// // Kind: "Ingress", -// // }, -// // ObjectMeta: metaV1.ObjectMeta{ -// // Name: name, -// // Annotations: map[string]string{"ingress.kubernetes.io/ssl-redirect": "false"}, -// // }, -// // Spec: networking.IngressSpec{ -// // Rules: []networking.IngressRule{{ -// // Host: "api.localhost", -// // IngressRuleValue: networking.IngressRuleValue{ -// // HTTP: &networking.HTTPIngressRuleValue{ -// // Paths: []networking.HTTPIngressPath{{ -// // Path: "/", -// // PathType: &pathPrefix, -// // -// // Backend: networking.IngressBackend{ -// // Service: &networking.IngressServiceBackend{ -// // Name: "simple-go-api2", -// // Port: networking.ServiceBackendPort{ -// // Number: 7001, -// // }, -// // }, -// // }, -// // }}, -// // }, -// // }, -// // }}, -// // }, -// //} -// -// var foundIngress *networking.Ingress -// for _, v := range l.Items { -// 
fmt.Println(v.Name) -// -// if v.Name == ingressName { -// fmt.Println("---debug---") -// fmt.Println("found!") -// fmt.Println("---debug---") -// -// foundIngress = v.DeepCopy() -// break -// } -// } -// -// //foundIngress.TypeMeta = metaV1.TypeMeta{ -// // Kind: "Ingress", -// //} -// //foundIngress.TypeMeta.APIVersion = "Ingress" -// //foundIngress.Name = "new123" -// //foundIngress.UID = k8sTypes.UID(uuid.New().String()) -// vaultRules := networking.IngressRule{ -// //Host: "vault.localhost", -// IngressRuleValue: networking.IngressRuleValue{ -// HTTP: &networking.HTTPIngressRuleValue{ -// Paths: []networking.HTTPIngressPath{{ -// Path: "/" + serviceName, -// PathType: &pathPrefix, -// -// Backend: networking.IngressBackend{ -// Service: &networking.IngressServiceBackend{ -// Name: serviceName, -// Port: networking.ServiceBackendPort{ -// Number: 8200, -// }, -// }, -// }, -// }}, -// }, -// }, -// } -// //foundIngress.Spec.Rules[0].Host = "api2.localhost" -// foundIngress.Spec.Rules = append(foundIngress.Spec.Rules, vaultRules) -// -// u, err := clientset.NetworkingV1().Ingresses(namespace).Update( -// context.Background(), -// foundIngress, -// metaV1.UpdateOptions{ -// TypeMeta: metaV1.TypeMeta{ -// Kind: "Ingress", -// }}, -// ) -// if err != nil { -// return err -// } -// -// fmt.Println(u) -// -// return nil -//} - // CreateSecret creates a key for a specific namespace. // // namespace: namespace where secret will be created From c17df7fc3d5d4912780191f8bb99d0a84ed9d809 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Thu, 24 Nov 2022 09:38:16 -0300 Subject: [PATCH 26/33] chore: clean up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- internal/k8s/kubernetes.go | 1 + internal/reports/section.go | 24 ++++++++++++------------ pkg/constants.go | 28 ++++++++++++---------------- 3 files changed, 25 insertions(+), 28 deletions(-) 
diff --git a/internal/k8s/kubernetes.go b/internal/k8s/kubernetes.go index 18cd0df6b..d0c48dfdb 100644 --- a/internal/k8s/kubernetes.go +++ b/internal/k8s/kubernetes.go @@ -376,6 +376,7 @@ func (p *secret) patchSecret(k8sClient *kubernetes.Clientset, payload []PatchJso } // todo: deprecate the other functions +// this is used for local only (create/destroy) func LoopUntilPodIsReady(dryRun bool) { if dryRun { log.Printf("[#99] Dry-run mode, loopUntilPodIsReady skipped.") diff --git a/internal/reports/section.go b/internal/reports/section.go index 9a8e7fa2c..fcded8463 100644 --- a/internal/reports/section.go +++ b/internal/reports/section.go @@ -38,12 +38,12 @@ func PrintSectionRepoGitlab() []byte { return handOffData.Bytes() } -func PrintSectionOverview() []byte { +func PrintSectionOverview(kubefirstConsoleURL string) []byte { var handOffData bytes.Buffer handOffData.WriteString(strings.Repeat("-", 70)) handOffData.WriteString(fmt.Sprintf("\nCluster %q is up and running!:", viper.GetString("cluster-name"))) handOffData.WriteString("\nThis information is available at $HOME/.kubefirst ") - handOffData.WriteString("\n\nAccess the kubefirst-console from your browser at:\n" + pkg.KubefirstConsoleLocalURLTLS + "\n") + handOffData.WriteString("\n\nAccess the kubefirst-console from your browser at:\n" + kubefirstConsoleURL + "\n") handOffData.WriteString("\nPress ESC to leave this screen and return to your shell.") return handOffData.Bytes() @@ -227,7 +227,7 @@ func HandoffScreen(dryRun bool, silentMode bool) { } var handOffData bytes.Buffer - handOffData.Write(PrintSectionOverview()) + handOffData.Write(PrintSectionOverview(pkg.KubefirstConsoleLocalURLCloud)) handOffData.Write(PrintSectionAws()) if viper.GetString("gitprovider") == "github" { handOffData.Write(PrintSectionRepoGithub()) 
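Review bot: `PrintSectionOverview` in internal/reports/section.go gains a `kubefirstConsoleURL` parameter but still has no doc comment, so nothing tells a caller which URL to pass. The two call sites in this commit pass different schemes: `pkg.KubefirstConsoleLocalURLCloud` (plain HTTP on localhost) in `HandoffScreen` and `pkg.KubefirstConsoleLocalURLTLS` in `LocalHandoffScreen`. I would add `// PrintSectionOverview renders the hand-off banner; kubefirstConsoleURL is printed verbatim as the console address, so callers pass the full URL including scheme.` above the function.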
@@ -261,7 +261,7 @@ func LocalHandoffScreen(dryRun bool, silentMode bool) { } var handOffData bytes.Buffer - handOffData.Write(PrintSectionOverview()) + handOffData.Write(PrintSectionOverview(pkg.KubefirstConsoleLocalURLTLS)) handOffData.Write(PrintSectionRepoGithub()) handOffData.Write(PrintSectionVault()) handOffData.Write(PrintSectionArgoCD()) @@ -296,14 +296,14 @@ func LocalConnectSummary() string { localConnect.WriteString("\nKubefirst Local:\n") localConnect.WriteString(strings.Repeat("-", 70)) - localConnect.WriteString(fmt.Sprintf("\n\nKubefirst Console UI: %s\n", pkg.KubefirstConsoleLocalURL)) - localConnect.WriteString(fmt.Sprintf("ChartmuseumLocalURL: %s\n", pkg.ChartmuseumLocalURL)) - localConnect.WriteString(fmt.Sprintf("Argo: %s\n", pkg.ArgoLocalURL)) - localConnect.WriteString(fmt.Sprintf("ArgoCD: %s\n", pkg.ArgoCDLocalURL)) - localConnect.WriteString(fmt.Sprintf("Vault: %s\n", pkg.VaultLocalURL)) - localConnect.WriteString(fmt.Sprintf("Atlantis: %s\n", pkg.AtlantisLocalURL)) - localConnect.WriteString(fmt.Sprintf("Minio: %s\n", pkg.MinioURL)) - localConnect.WriteString(fmt.Sprintf("Minio Console: %s\n", pkg.MinioConsoleURL)) + localConnect.WriteString(fmt.Sprintf("\n\nKubefirst Console UI: %s\n", pkg.KubefirstConsoleLocalURLTLS)) + localConnect.WriteString(fmt.Sprintf("ChartmuseumLocalURL: %s\n", pkg.ChartmuseumLocalURLTLS)) + localConnect.WriteString(fmt.Sprintf("Argo: %s\n", pkg.ArgoLocalURLTLS)) + localConnect.WriteString(fmt.Sprintf("ArgoCD: %s\n", pkg.ArgoCDLocalURLTLS)) + localConnect.WriteString(fmt.Sprintf("Vault: %s\n", pkg.VaultLocalURLTLS)) + localConnect.WriteString(fmt.Sprintf("Atlantis: %s\n", pkg.AtlantisLocalURLTLS)) + localConnect.WriteString(fmt.Sprintf("Minio: %s\n", pkg.MinioURLTLS)) + localConnect.WriteString(fmt.Sprintf("Minio Console: %s\n", pkg.MinioConsoleURLTLS)) return localConnect.String() } diff --git a/pkg/constants.go b/pkg/constants.go index d3452ffce..a90a8b2f2 100644 --- a/pkg/constants.go +++ b/pkg/constants.go 
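Review bot: The row label `ChartmuseumLocalURL:` in `LocalConnectSummary` is a constant name rather than a product name like the other rows (`Argo:`, `Vault:`), and after this change it no longer matches the constant it prints (`pkg.ChartmuseumLocalURLTLS`). I would print `"Chartmuseum: %s\n"` instead. Since every row is touched anyway, `fmt.Fprintf(&localConnect, "Vault: %s\n", pkg.VaultLocalURLTLS)` would replace the `WriteString(fmt.Sprintf(...))` pairs; this assumes `localConnect` is an addressable buffer, which is declared outside the hunk.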
@@ -48,7 +48,6 @@ const ( ArgoNamespace = "argo" ArgoPodPort = 2746 ArgoPodLocalPort = 2746 - ArgoLocalURL = "http://localhost:2746" ArgoLocalURLTLS = "https://argo.localdev.me" ) @@ -58,7 +57,6 @@ const ( ArgoCDNamespace = "argocd" ArgoCDPodPort = 8080 ArgoCDPodLocalPort = 8080 - //ArgoCDLocalURL = "http://localhost:8080" ArgoCDLocalURL = "http://argocd.localdev.me" ArgoCDLocalURLTLS = "https://argocd.localdev.me" ArgoCDLocalBaseURL = "https://localhost:8080/api/v1" @@ -70,9 +68,8 @@ const ( ChartmuseumNamespace = "chartmuseum" ChartmuseumPodPort = 8080 ChartmuseumPodLocalPort = 8181 - //ChartmuseumLocalURL = "http://localhost:8181" - ChartmuseumLocalURL = "http://chartmuseum.localdev.me" - ChartmuseumLocalURLTLS = "https://chartmuseum.localdev.me" + ChartmuseumLocalURL = "http://chartmuseum.localdev.me" + ChartmuseumLocalURLTLS = "https://chartmuseum.localdev.me" ) // Minio @@ -81,9 +78,8 @@ const ( MinioNamespace = "minio" MinioPodPort = 9000 MinioPodLocalPort = 9000 - //MinioURL = "http://localhost:9000" - MinioURL = "http://minio.localdev.me" - MinioURLTLS = "https://minio.localdev.me" + MinioURL = "http://minio.localdev.me" + MinioURLTLS = "https://minio.localdev.me" ) // Minio Console 
@@ -92,18 +88,18 @@ const ( MinioConsoleNamespace = "minio" MinioConsolePodPort = 9001 MinioConsolePodLocalPort = 9001 - MinioConsoleURL = "http://localhost:9001" - MinioConsoleURLTLS = "https://localhost:9001" + MinioConsoleURLTLS = "https://minio-console.localdev.me" ) // Kubefirst Console const ( - KubefirstConsolePodName = "kubefirst-console" - KubefirstConsoleNamespace = "kubefirst" - KubefirstConsolePodPort = 80 - KubefirstConsolePodLocalPort = 9094 - KubefirstConsoleLocalURL = "http://kubefirst-console.localdev.me" - KubefirstConsoleLocalURLTLS = "https://kubefirst-console.localdev.me" + KubefirstConsolePodName = "kubefirst-console" + KubefirstConsoleNamespace = "kubefirst" + KubefirstConsolePodPort = 80 + KubefirstConsolePodLocalPort = 9094 + KubefirstConsoleLocalURLCloud = "http://localhost:9094" + KubefirstConsoleLocalURL = "http://kubefirst-console.localdev.me" + KubefirstConsoleLocalURLTLS = "https://kubefirst-console.localdev.me" ) // Atlantis From 0c19347bb3b235c3ffd15cd2d9ac56c19e1c019e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Thu, 24 Nov 2022 09:51:55 -0300 Subject: [PATCH 27/33] chore: clean up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/local/postrun.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/local/postrun.go b/cmd/local/postrun.go index 2ccc9ccc7..87daf4756 100644 --- a/cmd/local/postrun.go +++ b/cmd/local/postrun.go @@ -48,7 +48,7 @@ func runPostLocal(cmd *cobra.Command, args []string) error { log.Printf("failed to create ingress route to argocd: %s", err) } - log.Printf("Kubefirst Console available at: %s", pkg.KubefirstConsoleLocalURL) + log.Printf("Kubefirst Console available at: %s", pkg.KubefirstConsoleLocalURLTLS) // managing termination signal from the terminal sigs := make(chan os.Signal, 1) From b25417fe674b96537ddac137799ccc1f192854fd Mon Sep 17 00:00:00 2001 
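Review bot: `KubefirstConsoleLocalURLCloud` is added to the Kubefirst Console block without a comment, and a name that combines "Local" and "Cloud" does not say when it applies. Its value `http://localhost:9094` also repeats `KubefirstConsolePodLocalPort = 9094` as a literal, so the two can drift apart. I would document it, e.g. `// KubefirstConsoleLocalURLCloud is the port-forwarded console address shown by the cloud hand-off screen (plain HTTP on KubefirstConsolePodLocalPort).` The block now holds one localhost URL and two `localdev.me` URLs, so a short comment on which install mode uses which would prevent the wrong one being printed to users.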
From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Thu, 24 Nov 2022 10:08:27 -0300 Subject: [PATCH 28/33] feat: make use of ingress rules instead of port forward for local connect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/local/connect.go | 54 -------------------------------------------- 1 file changed, 54 deletions(-) diff --git a/cmd/local/connect.go b/cmd/local/connect.go index 0a5e43237..cbdaeb6d8 100644 --- a/cmd/local/connect.go +++ b/cmd/local/connect.go @@ -2,14 +2,9 @@ package local import ( "fmt" - "github.com/kubefirst/kubefirst/internal/k8s" "github.com/kubefirst/kubefirst/internal/reports" "github.com/spf13/cobra" "log" - "os" - "os/signal" - "sync" - "syscall" ) func NewCommandConnect() *cobra.Command { 
@@ -27,60 +22,11 @@ func NewCommandConnect() *cobra.Command { func runConnect(cmd *cobra.Command, args []string) error { log.Println("opening Port Forward for console...") - // every port forward has its own closing control. when a channel is closed, the port forward is close. - vaultStopChannel := make(chan struct{}, 1) - argoStopChannel := make(chan struct{}, 1) - argoCDStopChannel := make(chan struct{}, 1) - chartmuseumStopChannel := make(chan struct{}, 1) - minioStopChannel := make(chan struct{}, 1) - minioConsoleStopChannel := make(chan struct{}, 1) - kubefirstConsoleStopChannel := make(chan struct{}, 1) - AtlantisStopChannel := make(chan struct{}, 1) - - // guarantee it will close the port forwards even on a process kill - defer func() { - close(vaultStopChannel) - close(argoStopChannel) - close(argoCDStopChannel) - close(chartmuseumStopChannel) - close(minioStopChannel) - close(minioConsoleStopChannel) - close(kubefirstConsoleStopChannel) - close(AtlantisStopChannel) - log.Println("leaving port-forward command, port forwards are now closed") - }() - - err := k8s.OpenPortForwardForLocal( - vaultStopChannel, - argoStopChannel, - argoCDStopChannel, - chartmuseumStopChannel, - minioStopChannel, - minioConsoleStopChannel, - kubefirstConsoleStopChannel, - AtlantisStopChannel, - ) - if err != nil { - return err - } - // style UI with local URLs fmt.Println(reports.StyleMessage(reports.LocalConnectSummary())) log.Println("Kubefirst port forward done") log.Println("hanging port forwards until ctrl+c is called") - // managing termination signal from the terminal - sigs := make(chan os.Signal, 1) - signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM) - var wg sync.WaitGroup - wg.Add(1) - go func() { - <-sigs - wg.Done() - }() - - wg.Wait() - return nil } From 6ca802bb3d7ab63cdf74e758fd5fd22335f25032 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jo=C3=A3o=20Paulo=20Vanzuita?= Date: Thu, 24 Nov 2022 11:12:40 -0300 Subject: [PATCH 29/33] chore: clean up (#778) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita Signed-off-by: João Vanzuita --- cmd/destroyLocalGithub.go | 1 - cmd/local/local.go | 4 ---- internal/argocd/argocd.go | 19 +++++++++---------- pkg/helpers.go | 2 +- 4 files changed, 10 insertions(+), 16 deletions(-) diff --git a/cmd/destroyLocalGithub.go b/cmd/destroyLocalGithub.go index d2950bc99..265020c7c 100644 --- a/cmd/destroyLocalGithub.go +++ b/cmd/destroyLocalGithub.go @@ -30,7 +30,6 @@ var destroyLocalGithubCmd = &cobra.Command{ Short: "A brief description of your command", Long: `TDB`, RunE: func(cmd *cobra.Command, args []string) error { - fmt.Println("destroy-local-github called") config := configs.ReadConfig() destroyFlags, err := flagset.ProcessDestroyFlags(cmd) diff --git a/cmd/local/local.go b/cmd/local/local.go index 64f0e2cee..8855a7901 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go @@ -100,7 +100,6 @@ func runLocal(cmd *cobra.Command, args []string) error { // todo need to add go channel to control when ngrok should close // and use context to handle closing the open goroutine/connection go pkg.RunNgrok(context.TODO(), pkg.LocalAtlantisURL) - time.Sleep(5 * time.Second) if !viper.GetBool("kubefirst.done") { if viper.GetString("gitprovider") == "github" { @@ -276,9 +275,6 @@ func runLocal(cmd *cobra.Command, args []string) error { k8s.LoopUntilPodIsReady(dryRun) - // todo: can I remove it? - time.Sleep(20 * time.Second) - // configure vault with terraform executionControl = viper.GetBool("terraform.vault.apply.complete") if !executionControl { diff --git a/internal/argocd/argocd.go b/internal/argocd/argocd.go index d810f8b46..6a261ed07 100644 --- a/internal/argocd/argocd.go +++ b/internal/argocd/argocd.go 
@@ -319,21 +319,20 @@ func ApplyRegistry(dryRun bool) error { func ApplyRegistryLocal(dryRun bool) error { config := configs.ReadConfig() - if viper.GetBool("argocd.registry.applied") { + if viper.GetBool("argocd.registry.applied") || dryRun { log.Println("skipped ApplyRegistryLocal - ") return nil } - if !dryRun { - _, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "apply", "-f", fmt.Sprintf("%s/gitops/registry.yaml", config.K1FolderPath)) - if err != nil { - log.Printf("failed to execute localhost kubectl apply of registry-base: %s", err) - return err - } - time.Sleep(45 * time.Second) - viper.Set("argocd.registry.applied", true) - viper.WriteConfig() + _, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "argocd", "apply", "-f", fmt.Sprintf("%s/gitops/registry.yaml", config.K1FolderPath)) + if err != nil { + log.Printf("failed to execute localhost kubectl apply of registry-base: %s", err) + return err } + time.Sleep(45 * time.Second) + viper.Set("argocd.registry.applied", true) + viper.WriteConfig() + return nil } diff --git a/pkg/helpers.go b/pkg/helpers.go index 2dc86dc2d..fe5a9a03e 100644 --- a/pkg/helpers.go +++ b/pkg/helpers.go @@ -574,7 +574,7 @@ func UpdateTerraformS3BackendForLocalhostAddress() error { "http://minio.minio.svc.cluster.local:9000", MinioURL, ); err != nil { - return err + log.Println(err) } } From 12d604a85ad06251f2a3e30477a98051e3ca1199 Mon Sep 17 00:00:00 2001 From: CristhianF7 Date: Fri, 25 Nov 2022 15:54:45 -0500 Subject: [PATCH 30/33] feat: console link updates --- configs/config.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configs/config.go b/configs/config.go index 30435491c..5a07e7d1e 100644 --- a/configs/config.go +++ b/configs/config.go 
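Review bot: In `ApplyRegistryLocal` the result of `viper.WriteConfig()` is discarded right after `argocd.registry.applied` is set. A failed write leaves the flag only in memory, and the next run would repeat the `kubectl apply` and the 45-second sleep. I would check it: `if err := viper.WriteConfig(); err != nil { return fmt.Errorf("persisting argocd.registry.applied: %w", err) }`. The merged guard also logs the same `skipped ApplyRegistryLocal - ` for a dry run and for an already-applied registry; naming the reason in the message would make that log line usable.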
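Review bot: Replacing `return err` with `log.Println(err)` in `UpdateTerraformS3BackendForLocalhostAddress` (pkg/helpers.go) turns a failed backend rewrite into a log line and lets execution carry on; the function's start and final return are outside the hunk, so it presumably still reports success. A caller would then run Terraform against a backend file that may still name `http://minio.minio.svc.cluster.local:9000`, and the failure surfaces later in a less obvious place. If the rewrite must succeed, keep `return err`. If it is deliberately best-effort, say so on that line, e.g. `// best-effort: a file that cannot be rewritten is logged and skipped`, and include the file path in the log message.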
@@ -135,10 +135,10 @@ func ReadConfig() *Config { config.MetaphorTemplateURL = "https://github.com/kubefirst/metaphor-template.git" config.GitopsTemplateURL = "https://github.com/kubefirst/gitops-template-gh.git" // Local Configs URL - config.LocalArgoWorkflowsURL = "http://localhost:2746" - config.LocalVaultURL = "http://localhost:8200" - config.LocalArgoURL = "http://localhost:8080" - config.LocalAtlantisURL = "http://localhost:4141" + config.LocalArgoWorkflowsURL = "http://argo.localdev.me" + config.LocalVaultURL = "http://vault.localdev.me" + config.LocalArgoURL = "http://argocd.localdev.me" + config.LocalAtlantisURL = "http://atlantis.localdev.me" config.LocalChartmuseumURL = "http://localhost:8181" config.LocalMetaphorDev = "http://localhost:3000" From f30272adf1f84d8e2398c34468242197482ba230 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9ssica=20Marinho?= Date: Wed, 30 Nov 2022 08:45:34 -0300 Subject: [PATCH 31/33] feat: Detokenize ngrok (#784) Signed-off-by: Jessica Marinho Signed-off-by: Jessica Marinho --- cmd/local/local.go | 3 +-- cmd/local/prerun.go | 9 ++++++--- pkg/helpers.go | 2 ++ pkg/ngrok.go | 8 +++++--- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/cmd/local/local.go b/cmd/local/local.go index 8855a7901..489c5d7c6 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go @@ -1,7 +1,6 @@ package local import ( - "context" "fmt" "log" "sync" @@ -99,7 +98,7 @@ func runLocal(cmd *cobra.Command, args []string) error { // todo need to add go channel to control when ngrok should close // and use context to handle closing the open goroutine/connection - go pkg.RunNgrok(context.TODO(), pkg.LocalAtlantisURL) + //go pkg.RunNgrok(context.TODO(), pkg.LocalAtlantisURL) if !viper.GetBool("kubefirst.done") { if viper.GetString("gitprovider") == "github" { diff --git a/cmd/local/prerun.go b/cmd/local/prerun.go index 6f102f974..1b3f4b466 100644 --- a/cmd/local/prerun.go +++ b/cmd/local/prerun.go 
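Review bot: The four rewritten defaults in `ReadConfig` use `http://` for Vault, Argo CD, Argo Workflows and Atlantis, while the same patch series defines `https://…localdev.me` constants for these hosts and switched the user-facing summary to them. If these config fields are used for API calls (not visible in this hunk), Vault tokens and Argo CD credentials would cross the ingress unencrypted; on a laptop-only cluster that may be acceptable, but it should be a stated choice. I would either use the TLS host, e.g. `config.LocalVaultURL = "https://vault.localdev.me"`, or add a comment above the block explaining why plain HTTP is required here. `LocalChartmuseumURL` and `LocalMetaphorDev` stay on `localhost` ports, so the block now mixes both addressing schemes. `ReadConfig` starts and ends outside the hunk.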
@@ -1,7 +1,12 @@ package local import ( + "context" "fmt" + "log" + "net/http" + "time" + "github.com/dustin/go-humanize" "github.com/kubefirst/kubefirst/configs" "github.com/kubefirst/kubefirst/internal/addon" @@ -14,9 +19,6 @@ import ( "github.com/kubefirst/kubefirst/pkg" "github.com/spf13/cobra" "github.com/spf13/viper" - "log" - "net/http" - "time" ) func validateLocal(cmd *cobra.Command, args []string) error { @@ -77,6 +79,7 @@ func validateLocal(cmd *cobra.Command, args []string) error { viper.Set("argocd.local.service", pkg.ArgoCDLocalURL) viper.Set("vault.local.service", pkg.VaultLocalURL) + go pkg.RunNgrok(context.TODO(), pkg.AtlantisLocalURL) // addons addon.AddAddon("github") diff --git a/pkg/helpers.go b/pkg/helpers.go index fe5a9a03e..18697cb7c 100644 --- a/pkg/helpers.go +++ b/pkg/helpers.go @@ -137,6 +137,7 @@ func DetokenizeDirectory(path string, fi os.FileInfo, err error) error { githubRepoOwner := viper.GetString("github.owner") githubOrg := viper.GetString("github.owner") githubUser := viper.GetString("github.user") + ngrokUrl := viper.GetString("ngrok.url") githubToken := os.Getenv("KUBEFIRST_GITHUB_AUTH_TOKEN") @@ -147,6 +148,7 @@ func DetokenizeDirectory(path string, fi os.FileInfo, err error) error { newContents = strings.Replace(newContents, "", githubUser, -1) newContents = strings.Replace(newContents, "", githubToken, -1) newContents = strings.Replace(newContents, "", configs.K1Version, -1) + newContents = strings.Replace(newContents, "", ngrokUrl, -1) var repoPathHTTPS string var repoPathSSH string diff --git a/pkg/ngrok.go b/pkg/ngrok.go index 4108a6afa..5bf832426 100644 --- a/pkg/ngrok.go +++ b/pkg/ngrok.go @@ -3,13 +3,14 @@ package pkg import ( "context" "fmt" + "io" + "log" + "net" + "github.com/ngrok/ngrok-go" "github.com/ngrok/ngrok-go/config" "github.com/spf13/viper" "golang.org/x/sync/errgroup" - "io" - "log" - "net" ) func RunNgrok(ctx context.Context, dest string) { 
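Review bot: `go pkg.RunNgrok(context.TODO(), pkg.AtlantisLocalURL)` in `validateLocal` opens a public tunnel from a validation step, with a context that can never be cancelled and nothing that waits for the goroutine. The tunnel therefore outlives a failed validation, and `ngrok.url` is written asynchronously, so the `viper.GetString("ngrok.url")` added to `DetokenizeDirectory` in pkg/helpers.go (later hunks of this commit) can read an empty or stale value and substitute it silently. I would give the goroutine a context owned by the command, e.g. `ctx, cancel := context.WithCancel(cmd.Context())`, and block until the tunnel URL is known before any detokenizing runs. Because the Atlantis endpoint becomes reachable from the internet, it is also worth confirming that webhook requests are authenticated with a shared secret; that configuration is not visible on this page. `validateLocal` starts and ends outside the hunk.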
@@ -29,6 +30,7 @@ func RunNgrok(ctx context.Context, dest string) { fmt.Println("tunnel created: ", tunnel.URL()) viper.Set("github.atlantis.webhook.url", tunnel.URL()+"/events") + viper.Set("ngrok.url", tunnel.URL()) viper.WriteConfig() for { From b083664c926a225de7cc7fcf2d27d08d692ae27f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Vanzuita?= Date: Wed, 30 Nov 2022 08:54:43 -0300 Subject: [PATCH 32/33] chore: fix merge conflict MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Vanzuita --- cmd/local/local.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cmd/local/local.go b/cmd/local/local.go index 489c5d7c6..382c7181a 100644 --- a/cmd/local/local.go +++ b/cmd/local/local.go @@ -371,6 +371,7 @@ func runLocal(cmd *cobra.Command, args []string) error { // create a PR, atlantis will identify it's a Terraform change/file update and trigger atlantis plan // it's a goroutine since it can run in background + k8s.OpenAtlantisPortForward() var wg sync.WaitGroup wg.Add(1) go func() { @@ -379,7 +380,7 @@ func runLocal(cmd *cobra.Command, args []string) error { defer func() { close(atlantisStopChannel) }() - k8s.OpenPortForwardWrapper( + k8s.OpenPortForwardPodWrapper( pkg.AtlantisPodName, pkg.AtlantisNamespace, pkg.AtlantisPodPort, From 9c227611235c8a377fc9be3df3487f86a420cbc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Paulo=20Vanzuita?= Date: Wed, 30 Nov 2022 09:21:30 -0300 Subject: [PATCH 33/33] temporary PR to enable atlantis port forward until the final solution (#793) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Detokenize ngrok Signed-off-by: Jessica Marinho Co-authored-by: João Vanzuita --- cmd/local/prerun.go | 2 +- pkg/constants.go | 15 ++++++++------- pkg/helpers.go | 12 ------------ 3 files changed, 9 insertions(+), 20 deletions(-) 
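Review bot: The added `viper.Set("ngrok.url", tunnel.URL())` runs inside `RunNgrok`, which this commit starts with `go` from `validateLocal`, while the command goroutine keeps reading and writing the same global viper instance. Viper does not synchronise concurrent reads and writes, so this is a data race on the settings and on the file produced by `viper.WriteConfig()`, whose error is also dropped. Persisting the tunnel URL to disk means a later run can find a URL that no longer exists before the new tunnel is up. I would hand the URL back to the caller instead, e.g. `ready <- tunnel.URL()`, and let the command goroutine do the `viper.Set` and a checked `WriteConfig`. `RunNgrok`'s body continues outside the hunk.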
diff --git a/cmd/local/prerun.go b/cmd/local/prerun.go index 1b3f4b466..bb93e7148 100644 --- a/cmd/local/prerun.go +++ b/cmd/local/prerun.go @@ -79,7 +79,7 @@ func validateLocal(cmd *cobra.Command, args []string) error { viper.Set("argocd.local.service", pkg.ArgoCDLocalURL) viper.Set("vault.local.service", pkg.VaultLocalURL) - go pkg.RunNgrok(context.TODO(), pkg.AtlantisLocalURL) + go pkg.RunNgrok(context.TODO(), pkg.LocalAtlantisURLTEMPORARY) // addons addon.AddAddon("github") diff --git a/pkg/constants.go b/pkg/constants.go index 048c864de..a395cfe16 100644 --- a/pkg/constants.go +++ b/pkg/constants.go @@ -104,13 +104,14 @@ const ( // Atlantis const ( - AtlantisPodName = "atlantis-0" - AtlantisNamespace = "atlantis" - AtlantisPodPort = 4141 - AtlantisPodLocalPort = 4141 - AtlantisLocalURL = "http://atlantis.localdev.me" - AtlantisLocalURLTLS = "https://atlantis.localdev.me" - LocalAtlantisURL = "localhost:4141" // todo: + AtlantisPodName = "atlantis-0" + AtlantisNamespace = "atlantis" + AtlantisPodPort = 4141 + AtlantisPodLocalPort = 4141 + AtlantisLocalURLTEST = "atlantis.localdev.me" + AtlantisLocalURL = "http://atlantis.localdev.me" + AtlantisLocalURLTLS = "https://atlantis.localdev.me" + LocalAtlantisURLTEMPORARY = "localhost:4141" // todo: //LocalAtlantisURL = "atlantis.localdev.me" // todo: ) diff --git a/pkg/helpers.go b/pkg/helpers.go index 106fa6b71..18697cb7c 100644 --- a/pkg/helpers.go +++ b/pkg/helpers.go 
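Review bot: `AtlantisLocalURLTEST` and `LocalAtlantisURLTEMPORARY` in pkg/constants.go are exported constants whose names carry their status rather than their meaning, and the trailing `// todo:` comments are empty. `LocalAtlantisURLTEMPORARY` is what the prerun.go hunk of this commit now passes to `pkg.RunNgrok`, so it is the target that internet-facing tunnel traffic is forwarded to. A reader needs to know that it is a host:port without scheme and presumably depends on the Atlantis port-forward being open. I would document that on the constant, e.g. `// LocalAtlantisURLTEMPORARY is the host:port the ngrok tunnel forwards to; remove once the tunnel can target the ingress host.` `AtlantisLocalURLTEST` has no user in the visible hunks and could be dropped.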
@@ -139,18 +139,6 @@ func DetokenizeDirectory(path string, fi os.FileInfo, err error) error { githubUser := viper.GetString("github.user") ngrokUrl := viper.GetString("ngrok.url") - //due to vouch proxy keep arm image in other repo than amd image we need a logic to solve this - //issue: https://github.com/vouch/vouch-proxy/issues/406 - //issue on k1: https://github.com/kubefirst/kubefirst/issues/724 - nodes_graviton := viper.GetBool("aws.nodes_graviton") - if nodes_graviton { - newContents = strings.Replace(newContents, "", "voucher/vouch-proxy", -1) - newContents = strings.Replace(newContents, "", "latest-arm", -1) - } else { - newContents = strings.Replace(newContents, "", "quay.io/vouch/vouch-proxy", -1) - newContents = strings.Replace(newContents, "", "0.36", -1) - } - githubToken := os.Getenv("KUBEFIRST_GITHUB_AUTH_TOKEN") //todo: get from viper