Compare commits
4 Commits
feat/cert_
...
feat/nats
| Author | SHA1 | Date | |
|---|---|---|---|
| 270b6b87df | |||
| 6933280575 | |||
| 77583a1ad1 | |||
| f7404bed36 |
@@ -1,19 +0,0 @@
|
||||
[package]
|
||||
name = "cert_manager"
|
||||
edition = "2024"
|
||||
version.workspace = true
|
||||
readme.workspace = true
|
||||
license.workspace = true
|
||||
publish = false
|
||||
|
||||
[dependencies]
|
||||
harmony = { path = "../../harmony" }
|
||||
harmony_cli = { path = "../../harmony_cli" }
|
||||
harmony_types = { path = "../../harmony_types" }
|
||||
cidr = { workspace = true }
|
||||
tokio = { workspace = true }
|
||||
harmony_macros = { path = "../../harmony_macros" }
|
||||
log = { workspace = true }
|
||||
env_logger = { workspace = true }
|
||||
url = { workspace = true }
|
||||
assert_cmd = "2.0.16"
|
||||
@@ -1,46 +0,0 @@
|
||||
use harmony::{
|
||||
inventory::Inventory,
|
||||
modules::{
|
||||
cert_manager::{
|
||||
capability::CertificateManagementConfig, score_create_cert::CertificateCreationScore,
|
||||
score_create_issuer::CertificateIssuerScore,
|
||||
score_operator::CertificateManagementScore,
|
||||
},
|
||||
postgresql::{PostgreSQLScore, capability::PostgreSQLConfig},
|
||||
},
|
||||
topology::K8sAnywhereTopology,
|
||||
};
|
||||
|
||||
#[tokio::main]
|
||||
async fn main() {
|
||||
let config = CertificateManagementConfig {
|
||||
namespace: Some("test".to_string()),
|
||||
acme_issuer: None,
|
||||
ca_issuer: None,
|
||||
self_signed: true,
|
||||
};
|
||||
|
||||
let cert_manager = CertificateManagementScore {
|
||||
config: config.clone(),
|
||||
};
|
||||
|
||||
let issuer = CertificateIssuerScore {
|
||||
config: config.clone(),
|
||||
issuer_name: "test-self-signed-issuer".to_string(),
|
||||
};
|
||||
|
||||
let cert = CertificateCreationScore {
|
||||
config: config.clone(),
|
||||
cert_name: "test-self-signed-cert".to_string(),
|
||||
issuer_name: "test-self-signed-issuer".to_string(),
|
||||
};
|
||||
|
||||
harmony_cli::run(
|
||||
Inventory::autoload(),
|
||||
K8sAnywhereTopology::from_env(),
|
||||
vec![Box::new(cert_manager), Box::new(issuer), Box::new(cert)],
|
||||
None,
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
@@ -3,15 +3,58 @@ use std::str::FromStr;
|
||||
use harmony::{
|
||||
inventory::Inventory,
|
||||
modules::helm::chart::{HelmChartScore, HelmRepository, NonBlankString},
|
||||
topology::K8sAnywhereTopology,
|
||||
topology::{HelmCommand, K8sAnywhereConfig, K8sAnywhereTopology, TlsRouter, Topology},
|
||||
};
|
||||
use harmony_macros::hurl;
|
||||
use log::info;
|
||||
|
||||
#[tokio::main]
|
||||
async fn main() {
|
||||
// env_logger::init();
|
||||
let values_yaml = Some(
|
||||
let site1_topo = K8sAnywhereTopology::with_config(K8sAnywhereConfig::remote_k8s_from_env_var(
|
||||
"HARMONY_NATS_SITE_1",
|
||||
));
|
||||
let site2_topo = K8sAnywhereTopology::with_config(K8sAnywhereConfig::remote_k8s_from_env_var(
|
||||
"HARMONY_NATS_SITE_2",
|
||||
));
|
||||
|
||||
let site1_domain = site1_topo.get_internal_domain().await.unwrap().unwrap();
|
||||
let site2_domain = site2_topo.get_internal_domain().await.unwrap().unwrap();
|
||||
|
||||
let site1_gateway = format!("nats-gateway.{}", site1_domain);
|
||||
let site2_gateway = format!("nats-gateway.{}", site2_domain);
|
||||
|
||||
tokio::join!(
|
||||
deploy_nats(
|
||||
site1_topo,
|
||||
"site-1",
|
||||
vec![("site-2".to_string(), site2_gateway)]
|
||||
),
|
||||
deploy_nats(
|
||||
site2_topo,
|
||||
"site-2",
|
||||
vec![("site-1".to_string(), site1_gateway)]
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
async fn deploy_nats<T: Topology + HelmCommand + TlsRouter + 'static>(
|
||||
topology: T,
|
||||
cluster_name: &str,
|
||||
remote_gateways: Vec<(String, String)>,
|
||||
) {
|
||||
topology.ensure_ready().await.unwrap();
|
||||
|
||||
let mut gateway_gateways = String::new();
|
||||
for (name, url) in remote_gateways {
|
||||
gateway_gateways.push_str(&format!(
|
||||
r#"
|
||||
- name: {name}
|
||||
urls:
|
||||
- nats://{url}:7222"#
|
||||
));
|
||||
}
|
||||
|
||||
let values_yaml = Some(format!(
|
||||
r#"config:
|
||||
cluster:
|
||||
enabled: true
|
||||
@@ -25,16 +68,31 @@ async fn main() {
|
||||
leafnodes:
|
||||
enabled: false
|
||||
# port: 7422
|
||||
websocket:
|
||||
enabled: true
|
||||
ingress:
|
||||
enabled: true
|
||||
className: openshift-default
|
||||
pathType: Prefix
|
||||
hosts:
|
||||
- nats-ws.{}
|
||||
gateway:
|
||||
enabled: false
|
||||
# name: my-gateway
|
||||
# port: 7522
|
||||
enabled: true
|
||||
name: {}
|
||||
port: 7222
|
||||
gateways: {}
|
||||
service:
|
||||
ports:
|
||||
gateway:
|
||||
enabled: true
|
||||
natsBox:
|
||||
container:
|
||||
image:
|
||||
tag: nonroot"#
|
||||
.to_string(),
|
||||
);
|
||||
tag: nonroot"#,
|
||||
topology.get_internal_domain().await.unwrap().unwrap(),
|
||||
cluster_name,
|
||||
gateway_gateways,
|
||||
));
|
||||
let namespace = "nats";
|
||||
let nats = HelmChartScore {
|
||||
namespace: Some(NonBlankString::from_str(namespace).unwrap()),
|
||||
@@ -52,14 +110,9 @@ natsBox:
|
||||
)),
|
||||
};
|
||||
|
||||
harmony_cli::run(
|
||||
Inventory::autoload(),
|
||||
K8sAnywhereTopology::from_env(),
|
||||
vec![Box::new(nats)],
|
||||
None,
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
harmony_cli::run(Inventory::autoload(), topology, vec![Box::new(nats)], None)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
info!(
|
||||
"Enjoy! You can test your nats cluster by running : `kubectl exec -n {namespace} -it deployment/nats-box -- nats pub test hi`"
|
||||
|
||||
@@ -1 +1,5 @@
|
||||
pub trait HelmCommand {}
|
||||
use std::process::Command;
|
||||
|
||||
pub trait HelmCommand {
|
||||
fn get_helm_command(&self) -> Command;
|
||||
}
|
||||
|
||||
@@ -230,26 +230,14 @@ impl K8sClient {
|
||||
namespace: Option<&str>,
|
||||
gvk: &GroupVersionKind,
|
||||
) -> Result<DynamicObject, Error> {
|
||||
let api_resource = ApiResource::from_gvk(gvk);
|
||||
let gvk = ApiResource::from_gvk(gvk);
|
||||
let resource: Api<DynamicObject> = if let Some(ns) = namespace {
|
||||
Api::namespaced_with(self.client.clone(), ns, &gvk)
|
||||
} else {
|
||||
Api::default_namespaced_with(self.client.clone(), &gvk)
|
||||
};
|
||||
|
||||
// 1. Try namespaced first (if a namespace was provided)
|
||||
if let Some(ns) = namespace {
|
||||
let api: Api<DynamicObject> =
|
||||
Api::namespaced_with(self.client.clone(), ns, &api_resource);
|
||||
|
||||
match api.get(name).await {
|
||||
Ok(obj) => return Ok(obj),
|
||||
Err(Error::Api(ae)) if ae.code == 404 => {
|
||||
// fall through and try cluster-scoped
|
||||
}
|
||||
Err(e) => return Err(e),
|
||||
}
|
||||
}
|
||||
|
||||
// 2. Fallback to cluster-scoped
|
||||
let api: Api<DynamicObject> = Api::all_with(self.client.clone(), &api_resource);
|
||||
|
||||
api.get(name).await
|
||||
resource.get(name).await
|
||||
}
|
||||
|
||||
pub async fn get_secret_json_value(
|
||||
|
||||
@@ -17,11 +17,6 @@ use crate::{
|
||||
interpret::InterpretStatus,
|
||||
inventory::Inventory,
|
||||
modules::{
|
||||
cert_manager::{
|
||||
capability::{CertificateManagement, CertificateManagementConfig},
|
||||
crd::{score_certificate::CertificateScore, score_issuer::IssuerScore},
|
||||
operator::CertManagerOperatorScore,
|
||||
},
|
||||
k3d::K3DInstallationScore,
|
||||
k8s::ingress::{K8sIngressScore, PathType},
|
||||
monitoring::{
|
||||
@@ -40,6 +35,7 @@ use crate::{
|
||||
service_monitor::ServiceMonitor,
|
||||
},
|
||||
},
|
||||
okd::crd::ingresses_config::Ingress as IngressResource,
|
||||
okd::route::OKDTlsPassthroughScore,
|
||||
prometheus::{
|
||||
k8s_prometheus_alerting_score::K8sPrometheusCRDAlertingScore,
|
||||
@@ -112,8 +108,32 @@ impl K8sclient for K8sAnywhereTopology {
|
||||
|
||||
#[async_trait]
|
||||
impl TlsRouter for K8sAnywhereTopology {
|
||||
async fn get_wildcard_domain(&self) -> Result<Option<String>, String> {
|
||||
todo!()
|
||||
async fn get_internal_domain(&self) -> Result<Option<String>, String> {
|
||||
match self.get_k8s_distribution().await.map_err(|e| {
|
||||
format!(
|
||||
"Could not get internal domain, error getting k8s distribution : {}",
|
||||
e.to_string()
|
||||
)
|
||||
})? {
|
||||
KubernetesDistribution::OpenshiftFamily => {
|
||||
let client = self.k8s_client().await?;
|
||||
if let Some(ingress_config) = client
|
||||
.get_resource::<IngressResource>("cluster", None)
|
||||
.await
|
||||
.map_err(|e| {
|
||||
format!("Error attempting to get ingress config : {}", e.to_string())
|
||||
})?
|
||||
{
|
||||
debug!("Found ingress config {:?}", ingress_config.spec);
|
||||
Ok(ingress_config.spec.domain.clone())
|
||||
} else {
|
||||
warn!("Could not find a domain configured in this cluster");
|
||||
Ok(None)
|
||||
}
|
||||
}
|
||||
KubernetesDistribution::K3sFamily => todo!(),
|
||||
KubernetesDistribution::Default => todo!(),
|
||||
}
|
||||
}
|
||||
|
||||
/// Returns the port that this router exposes externally.
|
||||
@@ -364,97 +384,6 @@ impl Serialize for K8sAnywhereTopology {
|
||||
}
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
impl CertificateManagement for K8sAnywhereTopology {
|
||||
async fn install(&self) -> Result<PreparationOutcome, PreparationError> {
|
||||
let cert_management_operator = CertManagerOperatorScore::default();
|
||||
|
||||
cert_management_operator
|
||||
.interpret(&Inventory::empty(), self)
|
||||
.await
|
||||
.map_err(|e| PreparationError { msg: e.to_string() })?;
|
||||
|
||||
Ok(PreparationOutcome::Success {
|
||||
details: format!(
|
||||
"Installed cert-manager into ns: {}",
|
||||
cert_management_operator.namespace
|
||||
),
|
||||
})
|
||||
}
|
||||
|
||||
async fn ensure_certificate_management_ready(
|
||||
&self,
|
||||
config: &CertificateManagementConfig,
|
||||
) -> Result<PreparationOutcome, PreparationError> {
|
||||
let k8s_client = self.k8s_client().await.unwrap();
|
||||
let gvk = GroupVersionKind {
|
||||
group: "operators.coreos.com".to_string(),
|
||||
version: "v1".to_string(),
|
||||
kind: "Operator".to_string(),
|
||||
};
|
||||
//TODO make this generic across k8s distributions using k8s family
|
||||
match k8s_client
|
||||
.get_resource_json_value("cert-manager.openshift-operators", None, &gvk)
|
||||
.await
|
||||
{
|
||||
Ok(_ready) => Ok(PreparationOutcome::Success {
|
||||
details: "Certificate Management Ready".to_string(),
|
||||
}),
|
||||
Err(e) => {
|
||||
debug!("{} operator not found", e.to_string());
|
||||
self.install().await
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async fn create_issuer(
|
||||
&self,
|
||||
issuer_name: String,
|
||||
config: &CertificateManagementConfig,
|
||||
) -> Result<PreparationOutcome, PreparationError> {
|
||||
let issuer_score = IssuerScore {
|
||||
issuer_name: issuer_name.clone(),
|
||||
config: config.clone(),
|
||||
};
|
||||
|
||||
issuer_score
|
||||
.interpret(&Inventory::empty(), self)
|
||||
.await
|
||||
.map_err(|e| PreparationError { msg: e.to_string() })?;
|
||||
|
||||
Ok(PreparationOutcome::Success {
|
||||
details: format!("issuer of kind {} is ready", issuer_name),
|
||||
})
|
||||
}
|
||||
|
||||
async fn create_certificate(
|
||||
&self,
|
||||
cert_name: String,
|
||||
issuer_name: String,
|
||||
config: &CertificateManagementConfig,
|
||||
) -> Result<PreparationOutcome, PreparationError> {
|
||||
self.certificate_issuer_ready(
|
||||
issuer_name.clone(),
|
||||
self.k8s_client().await.unwrap(),
|
||||
config,
|
||||
)
|
||||
.await?;
|
||||
|
||||
let cert = CertificateScore {
|
||||
cert_name: cert_name,
|
||||
config: config.clone(),
|
||||
issuer_name,
|
||||
};
|
||||
cert.interpret(&Inventory::empty(), self)
|
||||
.await
|
||||
.map_err(|e| PreparationError { msg: e.to_string() })?;
|
||||
|
||||
Ok(PreparationOutcome::Success {
|
||||
details: format!("Created cert into ns: {:#?}", config.namespace.clone()),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
impl K8sAnywhereTopology {
|
||||
pub fn from_env() -> Self {
|
||||
Self {
|
||||
@@ -474,35 +403,6 @@ impl K8sAnywhereTopology {
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn certificate_issuer_ready(
|
||||
&self,
|
||||
issuer_name: String,
|
||||
k8s_client: Arc<K8sClient>,
|
||||
config: &CertificateManagementConfig,
|
||||
) -> Result<PreparationOutcome, PreparationError> {
|
||||
let ns = config.namespace.clone().ok_or_else(|| PreparationError {
|
||||
msg: "namespace is required".to_string(),
|
||||
})?;
|
||||
|
||||
let gvk = GroupVersionKind {
|
||||
group: "cert-manager.io".to_string(),
|
||||
version: "v1".to_string(),
|
||||
kind: "Issuer".to_string(),
|
||||
};
|
||||
|
||||
match k8s_client
|
||||
.get_resource_json_value(&issuer_name, Some(&ns), &gvk)
|
||||
.await
|
||||
{
|
||||
Ok(_cert_issuer) => Ok(PreparationOutcome::Success {
|
||||
details: format!("issuer of kind {} is ready", issuer_name),
|
||||
}),
|
||||
Err(e) => Err(PreparationError {
|
||||
msg: format!("{} issuer {} not present", e.to_string(), issuer_name),
|
||||
}),
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn get_k8s_distribution(&self) -> Result<&KubernetesDistribution, PreparationError> {
|
||||
self.k8s_distribution
|
||||
.get_or_try_init(async || {
|
||||
@@ -1212,7 +1112,21 @@ impl MultiTargetTopology for K8sAnywhereTopology {
|
||||
}
|
||||
}
|
||||
|
||||
impl HelmCommand for K8sAnywhereTopology {}
|
||||
impl HelmCommand for K8sAnywhereTopology {
|
||||
fn get_helm_command(&self) -> Command {
|
||||
let mut cmd = Command::new("helm");
|
||||
if let Some(k) = &self.config.kubeconfig {
|
||||
cmd.args(["--kubeconfig", k]);
|
||||
}
|
||||
|
||||
if let Some(c) = &self.config.k8s_context {
|
||||
cmd.args(["--kube-context", c]);
|
||||
}
|
||||
|
||||
info!("Using helm command {cmd:?}");
|
||||
cmd
|
||||
}
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
impl TenantManager for K8sAnywhereTopology {
|
||||
@@ -1233,7 +1147,7 @@ impl TenantManager for K8sAnywhereTopology {
|
||||
#[async_trait]
|
||||
impl Ingress for K8sAnywhereTopology {
|
||||
async fn get_domain(&self, service: &str) -> Result<String, PreparationError> {
|
||||
use log::{debug, trace, warn};
|
||||
use log::{trace, warn};
|
||||
|
||||
let client = self.k8s_client().await?;
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@ use async_trait::async_trait;
|
||||
use derive_new::new;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use super::{HelmCommand, PreparationError, PreparationOutcome, Topology};
|
||||
use super::{PreparationError, PreparationOutcome, Topology};
|
||||
|
||||
#[derive(new, Clone, Debug, Serialize, Deserialize)]
|
||||
pub struct LocalhostTopology;
|
||||
@@ -19,6 +19,3 @@ impl Topology for LocalhostTopology {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: Delete this, temp for test
|
||||
impl HelmCommand for LocalhostTopology {}
|
||||
|
||||
@@ -112,12 +112,13 @@ pub trait TlsRouter: Send + Sync {
|
||||
/// HAProxy frontend→backend \"postgres-upstream\".
|
||||
async fn install_route(&self, config: TlsRoute) -> Result<(), String>;
|
||||
|
||||
/// Gets the base domain that can be used to deploy applications that will be automatically
|
||||
/// routed to this cluster.
|
||||
/// Gets the base domain of this cluster. On openshift family clusters, this is the domain
|
||||
/// used by default for all components, including the default ingress controller that
|
||||
/// transforms ingress to routes.
|
||||
///
|
||||
/// For example, if we have *.apps.nationtech.io pointing to a public load balancer, then this
|
||||
/// function would install route apps.nationtech.io
|
||||
async fn get_wildcard_domain(&self) -> Result<Option<String>, String>;
|
||||
/// For example, get_internal_domain on a cluster that has `console-openshift-console.apps.mycluster.something`
|
||||
/// will return `apps.mycluster.something`
|
||||
async fn get_internal_domain(&self) -> Result<Option<String>, String>;
|
||||
|
||||
/// Returns the port that this router exposes externally.
|
||||
async fn get_router_port(&self) -> u16;
|
||||
|
||||
@@ -1,39 +0,0 @@
|
||||
use async_trait::async_trait;
|
||||
use serde::Serialize;
|
||||
|
||||
use crate::{
|
||||
modules::cert_manager::crd::{AcmeIssuer, CaIssuer},
|
||||
topology::{PreparationError, PreparationOutcome},
|
||||
};
|
||||
|
||||
///TODO rust doc explaining issuer, certificate etc
|
||||
#[async_trait]
|
||||
pub trait CertificateManagement: Send + Sync {
|
||||
async fn install(&self) -> Result<PreparationOutcome, PreparationError>;
|
||||
|
||||
async fn ensure_certificate_management_ready(
|
||||
&self,
|
||||
config: &CertificateManagementConfig,
|
||||
) -> Result<PreparationOutcome, PreparationError>;
|
||||
|
||||
async fn create_issuer(
|
||||
&self,
|
||||
issuer_name: String,
|
||||
config: &CertificateManagementConfig,
|
||||
) -> Result<PreparationOutcome, PreparationError>;
|
||||
|
||||
async fn create_certificate(
|
||||
&self,
|
||||
cert_name: String,
|
||||
issuer_name: String,
|
||||
config: &CertificateManagementConfig,
|
||||
) -> Result<PreparationOutcome, PreparationError>;
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Serialize)]
|
||||
pub struct CertificateManagementConfig {
|
||||
pub namespace: Option<String>,
|
||||
pub acme_issuer: Option<AcmeIssuer>,
|
||||
pub ca_issuer: Option<CaIssuer>,
|
||||
pub self_signed: bool,
|
||||
}
|
||||
@@ -1,112 +0,0 @@
|
||||
use kube::{CustomResource, api::ObjectMeta};
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
#[derive(CustomResource, Deserialize, Serialize, Clone, Debug)]
|
||||
#[kube(
|
||||
group = "cert-manager.io",
|
||||
version = "v1",
|
||||
kind = "Certificate",
|
||||
plural = "certificates",
|
||||
namespaced = true,
|
||||
schema = "disabled"
|
||||
)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct CertificateSpec {
|
||||
/// Name of the Secret where the certificate will be stored
|
||||
pub secret_name: String,
|
||||
|
||||
/// Common Name (optional but often discouraged in favor of SANs)
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub common_name: Option<String>,
|
||||
|
||||
/// DNS Subject Alternative Names
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub dns_names: Option<Vec<String>>,
|
||||
|
||||
/// IP Subject Alternative Names
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub ip_addresses: Option<Vec<String>>,
|
||||
|
||||
/// Certificate duration (e.g. "2160h")
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub duration: Option<String>,
|
||||
|
||||
/// How long before expiry cert-manager should renew
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub renew_before: Option<String>,
|
||||
|
||||
/// Reference to the Issuer or ClusterIssuer
|
||||
pub issuer_ref: IssuerRef,
|
||||
|
||||
/// Is this a CA certificate
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub is_ca: Option<bool>,
|
||||
|
||||
/// Private key configuration
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub private_key: Option<PrivateKey>,
|
||||
}
|
||||
|
||||
impl Default for Certificate {
|
||||
fn default() -> Self {
|
||||
Certificate {
|
||||
metadata: ObjectMeta::default(),
|
||||
spec: CertificateSpec::default(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for CertificateSpec {
|
||||
fn default() -> Self {
|
||||
Self {
|
||||
secret_name: String::new(),
|
||||
common_name: None,
|
||||
dns_names: None,
|
||||
ip_addresses: None,
|
||||
duration: None,
|
||||
renew_before: None,
|
||||
issuer_ref: IssuerRef::default(),
|
||||
is_ca: None,
|
||||
private_key: None,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct IssuerRef {
|
||||
pub name: String,
|
||||
|
||||
/// Either "Issuer" or "ClusterIssuer"
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub kind: Option<String>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub group: Option<String>,
|
||||
}
|
||||
|
||||
impl Default for IssuerRef {
|
||||
fn default() -> Self {
|
||||
Self {
|
||||
name: String::new(),
|
||||
kind: None,
|
||||
group: None,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct PrivateKey {
|
||||
/// RSA or ECDSA
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub algorithm: Option<String>,
|
||||
|
||||
/// Key size (e.g. 2048, 4096)
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub size: Option<u32>,
|
||||
|
||||
/// Rotation policy: "Never" or "Always"
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub rotation_policy: Option<String>,
|
||||
}
|
||||
@@ -1,44 +0,0 @@
|
||||
use kube::{CustomResource, api::ObjectMeta};
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use crate::modules::cert_manager::crd::{AcmeIssuer, CaIssuer, SelfSignedIssuer};
|
||||
|
||||
#[derive(CustomResource, Deserialize, Serialize, Clone, Debug)]
|
||||
#[kube(
|
||||
group = "cert-manager.io",
|
||||
version = "v1",
|
||||
kind = "ClusterIssuer",
|
||||
plural = "clusterissuers",
|
||||
namespaced = false,
|
||||
schema = "disabled"
|
||||
)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct ClusterIssuerSpec {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub self_signed: Option<SelfSignedIssuer>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub ca: Option<CaIssuer>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub acme: Option<AcmeIssuer>,
|
||||
}
|
||||
|
||||
impl Default for ClusterIssuer {
|
||||
fn default() -> Self {
|
||||
ClusterIssuer {
|
||||
metadata: ObjectMeta::default(),
|
||||
spec: ClusterIssuerSpec::default(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for ClusterIssuerSpec {
|
||||
fn default() -> Self {
|
||||
Self {
|
||||
self_signed: None,
|
||||
ca: None,
|
||||
acme: None,
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,44 +0,0 @@
|
||||
use kube::{CustomResource, api::ObjectMeta};
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use crate::modules::cert_manager::crd::{AcmeIssuer, CaIssuer, SelfSignedIssuer};
|
||||
|
||||
#[derive(CustomResource, Deserialize, Serialize, Clone, Debug)]
|
||||
#[kube(
|
||||
group = "cert-manager.io",
|
||||
version = "v1",
|
||||
kind = "Issuer",
|
||||
plural = "issuers",
|
||||
namespaced = true,
|
||||
schema = "disabled"
|
||||
)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct IssuerSpec {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub self_signed: Option<SelfSignedIssuer>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub ca: Option<CaIssuer>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub acme: Option<AcmeIssuer>,
|
||||
}
|
||||
|
||||
impl Default for Issuer {
|
||||
fn default() -> Self {
|
||||
Issuer {
|
||||
metadata: ObjectMeta::default(),
|
||||
spec: IssuerSpec::default(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for IssuerSpec {
|
||||
fn default() -> Self {
|
||||
Self {
|
||||
self_signed: None,
|
||||
ca: None,
|
||||
acme: None,
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,65 +0,0 @@
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
pub mod certificate;
|
||||
pub mod cluster_issuer;
|
||||
pub mod issuer;
|
||||
//pub mod score_cluster_issuer;
|
||||
pub mod score_certificate;
|
||||
pub mod score_issuer;
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct CaIssuer {
|
||||
/// Secret containing `tls.crt` and `tls.key`
|
||||
pub secret_name: String,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug, Default)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct SelfSignedIssuer {}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct AcmeIssuer {
|
||||
pub server: String,
|
||||
pub email: String,
|
||||
|
||||
/// Secret used to store the ACME account private key
|
||||
pub private_key_secret_ref: SecretKeySelector,
|
||||
|
||||
pub solvers: Vec<AcmeSolver>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct SecretKeySelector {
|
||||
pub name: String,
|
||||
pub key: String,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct AcmeSolver {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub http01: Option<Http01Solver>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub dns01: Option<Dns01Solver>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct Dns01Solver {}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct Http01Solver {
|
||||
pub ingress: IngressSolver,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct IngressSolver {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub class: Option<String>,
|
||||
}
|
||||
@@ -1,49 +0,0 @@
|
||||
use kube::api::ObjectMeta;
|
||||
use serde::Serialize;
|
||||
|
||||
use crate::{
|
||||
interpret::Interpret,
|
||||
modules::{
|
||||
cert_manager::{
|
||||
capability::CertificateManagementConfig,
|
||||
crd::certificate::{Certificate, CertificateSpec, IssuerRef},
|
||||
},
|
||||
k8s::resource::K8sResourceScore,
|
||||
},
|
||||
score::Score,
|
||||
topology::{K8sclient, Topology},
|
||||
};
|
||||
|
||||
#[derive(Debug, Clone, Serialize)]
|
||||
pub struct CertificateScore {
|
||||
pub cert_name: String,
|
||||
pub issuer_name: String,
|
||||
pub config: CertificateManagementConfig,
|
||||
}
|
||||
|
||||
impl<T: Topology + K8sclient> Score<T> for CertificateScore {
|
||||
fn name(&self) -> String {
|
||||
"CertificateScore".to_string()
|
||||
}
|
||||
|
||||
fn create_interpret(&self) -> Box<dyn Interpret<T>> {
|
||||
let cert = Certificate {
|
||||
metadata: ObjectMeta {
|
||||
name: Some(self.cert_name.clone()),
|
||||
namespace: self.config.namespace.clone(),
|
||||
..Default::default()
|
||||
},
|
||||
spec: CertificateSpec {
|
||||
secret_name: format!("{}-tls", self.cert_name.clone()),
|
||||
issuer_ref: IssuerRef {
|
||||
name: self.issuer_name.clone(),
|
||||
kind: Some("Issuer".into()),
|
||||
group: Some("cert-manager.io".into()),
|
||||
},
|
||||
dns_names: Some(vec!["test.example.local".to_string()]),
|
||||
..Default::default()
|
||||
},
|
||||
};
|
||||
K8sResourceScore::single(cert, self.config.namespace.clone()).create_interpret()
|
||||
}
|
||||
}
|
||||
@@ -1,51 +0,0 @@
|
||||
use kube::api::ObjectMeta;
|
||||
use serde::Serialize;
|
||||
|
||||
use crate::{
|
||||
interpret::Interpret,
|
||||
modules::{
|
||||
cert_manager::crd::{
|
||||
AcmeIssuer, CaIssuer, SelfSignedIssuer,
|
||||
cluster_issuer::{ClusterIssuer, ClusterIssuerSpec},
|
||||
},
|
||||
k8s::resource::K8sResourceScore,
|
||||
},
|
||||
score::Score,
|
||||
topology::{K8sclient, Topology},
|
||||
};
|
||||
|
||||
#[derive(Debug, Clone, Serialize)]
|
||||
pub struct ClusterIssuerScore {
|
||||
name: String,
|
||||
acme_issuer: Option<AcmeIssuer>,
|
||||
ca_issuer: Option<CaIssuer>,
|
||||
self_signed: bool,
|
||||
}
|
||||
|
||||
impl<T: Topology + K8sclient> Score<T> for ClusterIssuerScore {
|
||||
fn name(&self) -> String {
|
||||
"ClusterIssuerScore".to_string()
|
||||
}
|
||||
|
||||
fn create_interpret(&self) -> Box<dyn Interpret<T>> {
|
||||
let metadata = ObjectMeta {
|
||||
name: Some(self.name.clone()),
|
||||
namespace: None,
|
||||
..ObjectMeta::default()
|
||||
};
|
||||
|
||||
let spec = ClusterIssuerSpec {
|
||||
acme: self.acme_issuer.clone(),
|
||||
ca: self.ca_issuer.clone(),
|
||||
self_signed: if self.self_signed {
|
||||
Some(SelfSignedIssuer::default())
|
||||
} else {
|
||||
None
|
||||
},
|
||||
};
|
||||
|
||||
let cluster_issuer = ClusterIssuer { metadata, spec };
|
||||
|
||||
K8sResourceScore::single(cluster_issuer, None).create_interpret()
|
||||
}
|
||||
}
|
||||
@@ -1,52 +0,0 @@
|
||||
use kube::api::ObjectMeta;
|
||||
use serde::Serialize;
|
||||
|
||||
use crate::{
|
||||
interpret::Interpret,
|
||||
modules::{
|
||||
cert_manager::{
|
||||
capability::CertificateManagementConfig,
|
||||
crd::{
|
||||
SelfSignedIssuer,
|
||||
issuer::{Issuer, IssuerSpec},
|
||||
},
|
||||
},
|
||||
k8s::resource::K8sResourceScore,
|
||||
},
|
||||
score::Score,
|
||||
topology::{K8sclient, Topology},
|
||||
};
|
||||
|
||||
#[derive(Debug, Clone, Serialize)]
|
||||
pub struct IssuerScore {
|
||||
pub issuer_name: String,
|
||||
pub config: CertificateManagementConfig,
|
||||
}
|
||||
|
||||
impl<T: Topology + K8sclient> Score<T> for IssuerScore {
|
||||
fn name(&self) -> String {
|
||||
"IssuerScore".to_string()
|
||||
}
|
||||
|
||||
fn create_interpret(&self) -> Box<dyn Interpret<T>> {
|
||||
let metadata = ObjectMeta {
|
||||
name: Some(self.issuer_name.clone()),
|
||||
namespace: self.config.namespace.clone(),
|
||||
..ObjectMeta::default()
|
||||
};
|
||||
|
||||
let spec = IssuerSpec {
|
||||
acme: self.config.acme_issuer.clone(),
|
||||
ca: self.config.ca_issuer.clone(),
|
||||
self_signed: if self.config.self_signed {
|
||||
Some(SelfSignedIssuer::default())
|
||||
} else {
|
||||
None
|
||||
},
|
||||
};
|
||||
|
||||
let issuer = Issuer { metadata, spec };
|
||||
|
||||
K8sResourceScore::single(issuer, self.config.namespace.clone()).create_interpret()
|
||||
}
|
||||
}
|
||||
@@ -1,9 +1,3 @@
|
||||
pub mod capability;
|
||||
pub mod cluster_issuer;
|
||||
pub mod crd;
|
||||
mod helm;
|
||||
pub mod operator;
|
||||
pub mod score_create_cert;
|
||||
pub mod score_create_issuer;
|
||||
pub mod score_operator;
|
||||
pub use helm::*;
|
||||
|
||||
@@ -1,64 +0,0 @@
|
||||
use kube::api::ObjectMeta;
|
||||
use serde::Serialize;
|
||||
|
||||
use crate::{
|
||||
interpret::Interpret,
|
||||
modules::k8s::{
|
||||
apps::crd::{Subscription, SubscriptionSpec},
|
||||
resource::K8sResourceScore,
|
||||
},
|
||||
score::Score,
|
||||
topology::{K8sclient, Topology, k8s::K8sClient},
|
||||
};
|
||||
|
||||
/// Install the Cert-Manager Operator via RedHat Community Operators registry.redhat.io/redhat/community-operator-index:v4.19
|
||||
/// This Score creates a Subscription CR in the specified namespace
|
||||
|
||||
#[derive(Debug, Clone, Serialize)]
|
||||
pub struct CertManagerOperatorScore {
|
||||
pub namespace: String,
|
||||
pub channel: String,
|
||||
pub install_plan_approval: String,
|
||||
pub source: String,
|
||||
pub source_namespace: String,
|
||||
}
|
||||
|
||||
impl Default for CertManagerOperatorScore {
|
||||
fn default() -> Self {
|
||||
Self {
|
||||
namespace: "openshift-operators".to_string(),
|
||||
channel: "stable".to_string(),
|
||||
install_plan_approval: "Automatic".to_string(),
|
||||
source: "community-operators".to_string(),
|
||||
source_namespace: "openshift-marketplace".to_string(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<T: Topology + K8sclient> Score<T> for CertManagerOperatorScore {
|
||||
fn name(&self) -> String {
|
||||
"CertManagerOperatorScore".to_string()
|
||||
}
|
||||
|
||||
fn create_interpret(&self) -> Box<dyn Interpret<T>> {
|
||||
let metadata = ObjectMeta {
|
||||
name: Some("cert-manager".to_string()),
|
||||
namespace: Some(self.namespace.clone()),
|
||||
..ObjectMeta::default()
|
||||
};
|
||||
|
||||
let spec = SubscriptionSpec {
|
||||
channel: Some(self.channel.clone()),
|
||||
config: None,
|
||||
install_plan_approval: Some(self.install_plan_approval.clone()),
|
||||
name: "cert-manager".to_string(),
|
||||
source: self.source.clone(),
|
||||
source_namespace: self.source_namespace.clone(),
|
||||
starting_csv: None,
|
||||
};
|
||||
|
||||
let subscription = Subscription { metadata, spec };
|
||||
|
||||
K8sResourceScore::single(subscription, Some(self.namespace.clone())).create_interpret()
|
||||
}
|
||||
}
|
||||
@@ -1,76 +0,0 @@
|
||||
use async_trait::async_trait;
|
||||
use harmony_types::id::Id;
|
||||
use serde::Serialize;
|
||||
|
||||
use crate::{
|
||||
data::Version,
|
||||
interpret::{Interpret, InterpretError, InterpretName, InterpretStatus, Outcome},
|
||||
inventory::Inventory,
|
||||
modules::cert_manager::capability::{CertificateManagement, CertificateManagementConfig},
|
||||
score::Score,
|
||||
topology::Topology,
|
||||
};
|
||||
|
||||
#[derive(Debug, Clone, Serialize)]
|
||||
pub struct CertificateCreationScore {
|
||||
pub cert_name: String,
|
||||
pub issuer_name: String,
|
||||
pub config: CertificateManagementConfig,
|
||||
}
|
||||
|
||||
impl<T: Topology + CertificateManagement> Score<T> for CertificateCreationScore {
|
||||
fn name(&self) -> String {
|
||||
"CertificateCreationScore".to_string()
|
||||
}
|
||||
|
||||
fn create_interpret(&self) -> Box<dyn Interpret<T>> {
|
||||
Box::new(CertificateCreationInterpret {
|
||||
cert_name: self.cert_name.clone(),
|
||||
issuer_name: self.issuer_name.clone(),
|
||||
config: self.config.clone(),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
struct CertificateCreationInterpret {
|
||||
cert_name: String,
|
||||
issuer_name: String,
|
||||
config: CertificateManagementConfig,
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
impl<T: Topology + CertificateManagement> Interpret<T> for CertificateCreationInterpret {
|
||||
async fn execute(
|
||||
&self,
|
||||
inventory: &Inventory,
|
||||
topology: &T,
|
||||
) -> Result<Outcome, InterpretError> {
|
||||
let _certificate = topology
|
||||
.create_certificate(
|
||||
self.cert_name.clone(),
|
||||
self.issuer_name.clone(),
|
||||
&self.config,
|
||||
)
|
||||
.await
|
||||
.map_err(|e| InterpretError::new(e.to_string()))?;
|
||||
|
||||
Ok(Outcome::success(format!("Installed CertificateManagement")))
|
||||
}
|
||||
|
||||
fn get_name(&self) -> InterpretName {
|
||||
InterpretName::Custom("CertificateManagementInterpret")
|
||||
}
|
||||
|
||||
fn get_version(&self) -> Version {
|
||||
todo!()
|
||||
}
|
||||
|
||||
fn get_status(&self) -> InterpretStatus {
|
||||
todo!()
|
||||
}
|
||||
|
||||
fn get_children(&self) -> Vec<Id> {
|
||||
todo!()
|
||||
}
|
||||
}
|
||||
@@ -1,71 +0,0 @@
|
||||
use async_trait::async_trait;
|
||||
use harmony_types::id::Id;
|
||||
use log::debug;
|
||||
use serde::Serialize;
|
||||
|
||||
use crate::{
|
||||
data::Version,
|
||||
interpret::{Interpret, InterpretError, InterpretName, InterpretStatus, Outcome},
|
||||
inventory::Inventory,
|
||||
modules::cert_manager::capability::{CertificateManagement, CertificateManagementConfig},
|
||||
score::Score,
|
||||
topology::Topology,
|
||||
};
|
||||
|
||||
#[derive(Debug, Clone, Serialize)]
|
||||
pub struct CertificateIssuerScore {
|
||||
pub issuer_name: String,
|
||||
pub config: CertificateManagementConfig,
|
||||
}
|
||||
|
||||
impl<T: Topology + CertificateManagement> Score<T> for CertificateIssuerScore {
|
||||
fn name(&self) -> String {
|
||||
"CertificateIssuerScore".to_string()
|
||||
}
|
||||
|
||||
fn create_interpret(&self) -> Box<dyn Interpret<T>> {
|
||||
Box::new(CertificateIssuerInterpret {
|
||||
config: self.config.clone(),
|
||||
issuer_name: self.issuer_name.clone(),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
struct CertificateIssuerInterpret {
|
||||
config: CertificateManagementConfig,
|
||||
issuer_name: String,
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
impl<T: Topology + CertificateManagement> Interpret<T> for CertificateIssuerInterpret {
|
||||
async fn execute(
|
||||
&self,
|
||||
inventory: &Inventory,
|
||||
topology: &T,
|
||||
) -> Result<Outcome, InterpretError> {
|
||||
debug!("issuer name: {}", self.issuer_name.clone());
|
||||
let _cert_issuer = topology
|
||||
.create_issuer(self.issuer_name.clone(), &self.config)
|
||||
.await
|
||||
.map_err(|e| InterpretError::new(e.to_string()))?;
|
||||
|
||||
Ok(Outcome::success(format!("Installed CertificateManagement")))
|
||||
}
|
||||
|
||||
fn get_name(&self) -> InterpretName {
|
||||
InterpretName::Custom("CertificateManagementInterpret")
|
||||
}
|
||||
|
||||
fn get_version(&self) -> Version {
|
||||
todo!()
|
||||
}
|
||||
|
||||
fn get_status(&self) -> InterpretStatus {
|
||||
todo!()
|
||||
}
|
||||
|
||||
fn get_children(&self) -> Vec<Id> {
|
||||
todo!()
|
||||
}
|
||||
}
|
||||
@@ -1,66 +0,0 @@
|
||||
use async_trait::async_trait;
|
||||
use harmony_types::id::Id;
|
||||
use serde::Serialize;
|
||||
|
||||
use crate::{
|
||||
data::Version,
|
||||
interpret::{Interpret, InterpretError, InterpretName, InterpretStatus, Outcome},
|
||||
inventory::Inventory,
|
||||
modules::cert_manager::capability::{CertificateManagement, CertificateManagementConfig},
|
||||
score::Score,
|
||||
topology::Topology,
|
||||
};
|
||||
|
||||
#[derive(Debug, Clone, Serialize)]
|
||||
pub struct CertificateManagementScore {
|
||||
pub config: CertificateManagementConfig,
|
||||
}
|
||||
|
||||
impl<T: Topology + CertificateManagement> Score<T> for CertificateManagementScore {
|
||||
fn name(&self) -> String {
|
||||
"CertificateManagementScore".to_string()
|
||||
}
|
||||
|
||||
fn create_interpret(&self) -> Box<dyn Interpret<T>> {
|
||||
Box::new(CertificateManagementInterpret {
|
||||
config: self.config.clone(),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
struct CertificateManagementInterpret {
|
||||
config: CertificateManagementConfig,
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
impl<T: Topology + CertificateManagement> Interpret<T> for CertificateManagementInterpret {
|
||||
async fn execute(
|
||||
&self,
|
||||
inventory: &Inventory,
|
||||
topology: &T,
|
||||
) -> Result<Outcome, InterpretError> {
|
||||
topology
|
||||
.ensure_certificate_management_ready(&self.config)
|
||||
.await
|
||||
.map_err(|e| InterpretError::new(e.to_string()))?;
|
||||
|
||||
Ok(Outcome::success(format!("CertificateManagement is ready")))
|
||||
}
|
||||
|
||||
fn get_name(&self) -> InterpretName {
|
||||
InterpretName::Custom("CertificateManagementInterpret")
|
||||
}
|
||||
|
||||
fn get_version(&self) -> Version {
|
||||
todo!()
|
||||
}
|
||||
|
||||
fn get_status(&self) -> InterpretStatus {
|
||||
todo!()
|
||||
}
|
||||
|
||||
fn get_children(&self) -> Vec<Id> {
|
||||
todo!()
|
||||
}
|
||||
}
|
||||
@@ -6,15 +6,11 @@ use crate::topology::{HelmCommand, Topology};
|
||||
use async_trait::async_trait;
|
||||
use harmony_types::id::Id;
|
||||
use harmony_types::net::Url;
|
||||
use helm_wrapper_rs;
|
||||
use helm_wrapper_rs::blocking::{DefaultHelmExecutor, HelmExecutor};
|
||||
use log::{debug, info, warn};
|
||||
pub use non_blank_string_rs::NonBlankString;
|
||||
use serde::Serialize;
|
||||
use std::collections::HashMap;
|
||||
use std::path::Path;
|
||||
use std::process::{Command, Output, Stdio};
|
||||
use std::str::FromStr;
|
||||
use std::process::{Output, Stdio};
|
||||
use temp_file::TempFile;
|
||||
|
||||
#[derive(Debug, Clone, Serialize)]
|
||||
@@ -65,7 +61,7 @@ pub struct HelmChartInterpret {
|
||||
pub score: HelmChartScore,
|
||||
}
|
||||
impl HelmChartInterpret {
|
||||
fn add_repo(&self) -> Result<(), InterpretError> {
|
||||
fn add_repo<T: HelmCommand>(&self, topology: &T) -> Result<(), InterpretError> {
|
||||
let repo = match &self.score.repository {
|
||||
Some(repo) => repo,
|
||||
None => {
|
||||
@@ -84,7 +80,7 @@ impl HelmChartInterpret {
|
||||
add_args.push("--force-update");
|
||||
}
|
||||
|
||||
let add_output = run_helm_command(&add_args)?;
|
||||
let add_output = run_helm_command(topology, &add_args)?;
|
||||
let full_output = format!(
|
||||
"{}\n{}",
|
||||
String::from_utf8_lossy(&add_output.stdout),
|
||||
@@ -100,23 +96,19 @@ impl HelmChartInterpret {
|
||||
}
|
||||
}
|
||||
|
||||
fn run_helm_command(args: &[&str]) -> Result<Output, InterpretError> {
|
||||
let command_str = format!("helm {}", args.join(" "));
|
||||
debug!(
|
||||
"Got KUBECONFIG: `{}`",
|
||||
std::env::var("KUBECONFIG").unwrap_or("".to_string())
|
||||
);
|
||||
debug!("Running Helm command: `{}`", command_str);
|
||||
fn run_helm_command<T: HelmCommand>(topology: &T, args: &[&str]) -> Result<Output, InterpretError> {
|
||||
let mut helm_cmd = topology.get_helm_command();
|
||||
helm_cmd.args(args);
|
||||
|
||||
let output = Command::new("helm")
|
||||
.args(args)
|
||||
debug!("Running Helm command: `{:?}`", helm_cmd);
|
||||
|
||||
let output = helm_cmd
|
||||
.stdout(Stdio::piped())
|
||||
.stderr(Stdio::piped())
|
||||
.output()
|
||||
.map_err(|e| {
|
||||
InterpretError::new(format!(
|
||||
"Failed to execute helm command '{}': {}. Is helm installed and in PATH?",
|
||||
command_str, e
|
||||
"Failed to execute helm command '{helm_cmd:?}': {e}. Is helm installed and in PATH?",
|
||||
))
|
||||
})?;
|
||||
|
||||
@@ -124,13 +116,13 @@ fn run_helm_command(args: &[&str]) -> Result<Output, InterpretError> {
|
||||
let stdout = String::from_utf8_lossy(&output.stdout);
|
||||
let stderr = String::from_utf8_lossy(&output.stderr);
|
||||
warn!(
|
||||
"Helm command `{}` failed with status: {}\nStdout:\n{}\nStderr:\n{}",
|
||||
command_str, output.status, stdout, stderr
|
||||
"Helm command `{helm_cmd:?}` failed with status: {}\nStdout:\n{stdout}\nStderr:\n{stderr}",
|
||||
output.status
|
||||
);
|
||||
} else {
|
||||
debug!(
|
||||
"Helm command `{}` finished successfully. Status: {}",
|
||||
command_str, output.status
|
||||
"Helm command `{helm_cmd:?}` finished successfully. Status: {}",
|
||||
output.status
|
||||
);
|
||||
}
|
||||
|
||||
@@ -142,7 +134,7 @@ impl<T: Topology + HelmCommand> Interpret<T> for HelmChartInterpret {
|
||||
async fn execute(
|
||||
&self,
|
||||
_inventory: &Inventory,
|
||||
_topology: &T,
|
||||
topology: &T,
|
||||
) -> Result<Outcome, InterpretError> {
|
||||
let ns = self
|
||||
.score
|
||||
@@ -150,98 +142,62 @@ impl<T: Topology + HelmCommand> Interpret<T> for HelmChartInterpret {
|
||||
.as_ref()
|
||||
.unwrap_or_else(|| todo!("Get namespace from active kubernetes cluster"));
|
||||
|
||||
let tf: TempFile;
|
||||
let yaml_path: Option<&Path> = match self.score.values_yaml.as_ref() {
|
||||
Some(yaml_str) => {
|
||||
tf = temp_file::with_contents(yaml_str.as_bytes());
|
||||
debug!(
|
||||
"values yaml string for chart {} :\n {yaml_str}",
|
||||
self.score.chart_name
|
||||
);
|
||||
Some(tf.path())
|
||||
}
|
||||
None => None,
|
||||
self.add_repo(topology)?;
|
||||
|
||||
let mut args = if self.score.install_only {
|
||||
vec!["install"]
|
||||
} else {
|
||||
vec!["upgrade", "--install"]
|
||||
};
|
||||
|
||||
self.add_repo()?;
|
||||
|
||||
let helm_executor = DefaultHelmExecutor::new_with_opts(
|
||||
&NonBlankString::from_str("helm").unwrap(),
|
||||
None,
|
||||
900,
|
||||
false,
|
||||
false,
|
||||
);
|
||||
|
||||
let mut helm_options = Vec::new();
|
||||
if self.score.create_namespace {
|
||||
helm_options.push(NonBlankString::from_str("--create-namespace").unwrap());
|
||||
}
|
||||
|
||||
if self.score.install_only {
|
||||
let chart_list = match helm_executor.list(Some(ns)) {
|
||||
Ok(charts) => charts,
|
||||
Err(e) => {
|
||||
return Err(InterpretError::new(format!(
|
||||
"Failed to list scores in namespace {:?} because of error : {}",
|
||||
self.score.namespace, e
|
||||
)));
|
||||
}
|
||||
};
|
||||
|
||||
if chart_list
|
||||
.iter()
|
||||
.any(|item| item.name == self.score.release_name.to_string())
|
||||
{
|
||||
info!(
|
||||
"Release '{}' already exists in namespace '{}'. Skipping installation as install_only is true.",
|
||||
self.score.release_name, ns
|
||||
);
|
||||
|
||||
return Ok(Outcome::success(format!(
|
||||
"Helm Chart '{}' already installed to namespace {ns} and install_only=true",
|
||||
self.score.release_name
|
||||
)));
|
||||
} else {
|
||||
info!(
|
||||
"Release '{}' not found in namespace '{}'. Proceeding with installation.",
|
||||
self.score.release_name, ns
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
let res = helm_executor.install_or_upgrade(
|
||||
ns,
|
||||
args.extend(vec![
|
||||
&self.score.release_name,
|
||||
&self.score.chart_name,
|
||||
self.score.chart_version.as_ref(),
|
||||
self.score.values_overrides.as_ref(),
|
||||
yaml_path,
|
||||
Some(&helm_options),
|
||||
);
|
||||
"--namespace",
|
||||
&ns,
|
||||
]);
|
||||
|
||||
let status = match res {
|
||||
Ok(status) => status,
|
||||
Err(err) => return Err(InterpretError::new(err.to_string())),
|
||||
};
|
||||
if self.score.create_namespace {
|
||||
args.push("--create-namespace");
|
||||
}
|
||||
|
||||
match status {
|
||||
helm_wrapper_rs::HelmDeployStatus::Deployed => Ok(Outcome::success(format!(
|
||||
if let Some(version) = &self.score.chart_version {
|
||||
args.push("--version");
|
||||
args.push(&version);
|
||||
}
|
||||
|
||||
let tf: TempFile;
|
||||
if let Some(yaml_str) = &self.score.values_yaml {
|
||||
tf = temp_file::with_contents(yaml_str.as_bytes());
|
||||
args.push("--values");
|
||||
args.push(tf.path().to_str().unwrap());
|
||||
}
|
||||
|
||||
let overrides_strings: Vec<String>;
|
||||
if let Some(overrides) = &self.score.values_overrides {
|
||||
overrides_strings = overrides
|
||||
.iter()
|
||||
.map(|(key, value)| format!("{key}={value}"))
|
||||
.collect();
|
||||
for o in overrides_strings.iter() {
|
||||
args.push("--set");
|
||||
args.push(&o);
|
||||
}
|
||||
}
|
||||
|
||||
let output = run_helm_command(topology, &args)?;
|
||||
|
||||
if output.status.success() {
|
||||
Ok(Outcome::success(format!(
|
||||
"Helm Chart {} deployed",
|
||||
self.score.release_name
|
||||
))),
|
||||
helm_wrapper_rs::HelmDeployStatus::PendingInstall => Ok(Outcome::running(format!(
|
||||
"Helm Chart {} pending install...",
|
||||
self.score.release_name
|
||||
))),
|
||||
helm_wrapper_rs::HelmDeployStatus::PendingUpgrade => Ok(Outcome::running(format!(
|
||||
"Helm Chart {} pending upgrade...",
|
||||
self.score.release_name
|
||||
))),
|
||||
helm_wrapper_rs::HelmDeployStatus::Failed => Err(InterpretError::new(format!(
|
||||
"Helm Chart {} installation failed",
|
||||
self.score.release_name
|
||||
))),
|
||||
)))
|
||||
} else {
|
||||
Err(InterpretError::new(format!(
|
||||
"Helm Chart {} installation failed: {}",
|
||||
self.score.release_name,
|
||||
String::from_utf8_lossy(&output.stderr)
|
||||
)))
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ use crate::topology::{FailoverTopology, TlsRoute, TlsRouter};
|
||||
|
||||
#[async_trait]
|
||||
impl<T: TlsRouter> TlsRouter for FailoverTopology<T> {
|
||||
async fn get_wildcard_domain(&self) -> Result<Option<String>, String> {
|
||||
async fn get_internal_domain(&self) -> Result<Option<String>, String> {
|
||||
todo!()
|
||||
}
|
||||
|
||||
|
||||
214
harmony/src/modules/okd/crd/ingresses_config.rs
Normal file
214
harmony/src/modules/okd/crd/ingresses_config.rs
Normal file
@@ -0,0 +1,214 @@
|
||||
use k8s_openapi::apimachinery::pkg::apis::meta::v1::{ListMeta, ObjectMeta};
|
||||
use k8s_openapi::{ClusterResourceScope, Resource};
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct Ingress {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub api_version: Option<String>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub kind: Option<String>,
|
||||
pub metadata: ObjectMeta,
|
||||
|
||||
pub spec: IngressSpec,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub status: Option<IngressStatus>,
|
||||
}
|
||||
|
||||
impl Resource for Ingress {
|
||||
const API_VERSION: &'static str = "config.openshift.io/v1";
|
||||
const GROUP: &'static str = "config.openshift.io";
|
||||
const VERSION: &'static str = "v1";
|
||||
const KIND: &'static str = "Ingress";
|
||||
const URL_PATH_SEGMENT: &'static str = "ingresses";
|
||||
type Scope = ClusterResourceScope;
|
||||
}
|
||||
|
||||
impl k8s_openapi::Metadata for Ingress {
|
||||
type Ty = ObjectMeta;
|
||||
|
||||
fn metadata(&self) -> &Self::Ty {
|
||||
&self.metadata
|
||||
}
|
||||
|
||||
fn metadata_mut(&mut self) -> &mut Self::Ty {
|
||||
&mut self.metadata
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for Ingress {
|
||||
fn default() -> Self {
|
||||
Ingress {
|
||||
api_version: Some("config.openshift.io/v1".to_string()),
|
||||
kind: Some("Ingress".to_string()),
|
||||
metadata: ObjectMeta::default(),
|
||||
spec: IngressSpec::default(),
|
||||
status: None,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct IngressList {
|
||||
pub metadata: ListMeta,
|
||||
pub items: Vec<Ingress>,
|
||||
}
|
||||
|
||||
impl Default for IngressList {
|
||||
fn default() -> Self {
|
||||
Self {
|
||||
metadata: ListMeta::default(),
|
||||
items: Vec::new(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Resource for IngressList {
|
||||
const API_VERSION: &'static str = "config.openshift.io/v1";
|
||||
const GROUP: &'static str = "config.openshift.io";
|
||||
const VERSION: &'static str = "v1";
|
||||
const KIND: &'static str = "IngressList";
|
||||
const URL_PATH_SEGMENT: &'static str = "ingresses";
|
||||
type Scope = ClusterResourceScope;
|
||||
}
|
||||
|
||||
impl k8s_openapi::Metadata for IngressList {
|
||||
type Ty = ListMeta;
|
||||
|
||||
fn metadata(&self) -> &Self::Ty {
|
||||
&self.metadata
|
||||
}
|
||||
|
||||
fn metadata_mut(&mut self) -> &mut Self::Ty {
|
||||
&mut self.metadata
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug, Default)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct IngressSpec {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub apps_domain: Option<String>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub component_routes: Option<Vec<ComponentRouteSpec>>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub domain: Option<String>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub load_balancer: Option<LoadBalancer>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub required_hsts_policies: Option<Vec<RequiredHSTSPolicy>>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct ComponentRouteSpec {
|
||||
pub hostname: String,
|
||||
pub name: String,
|
||||
pub namespace: String,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub serving_cert_key_pair_secret: Option<SecretNameReference>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct SecretNameReference {
|
||||
pub name: String,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug, Default)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct LoadBalancer {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub platform: Option<IngressPlatform>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug, Default)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct IngressPlatform {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub aws: Option<AWSPlatformLoadBalancer>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub r#type: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct AWSPlatformLoadBalancer {
|
||||
pub r#type: String,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct RequiredHSTSPolicy {
|
||||
pub domain_patterns: Vec<String>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub include_sub_domains_policy: Option<String>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub max_age: Option<MaxAgePolicy>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub namespace_selector: Option<k8s_openapi::apimachinery::pkg::apis::meta::v1::LabelSelector>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub preload_policy: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug, Default)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct MaxAgePolicy {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub largest_max_age: Option<i32>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub smallest_max_age: Option<i32>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug, Default)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct IngressStatus {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub component_routes: Option<Vec<ComponentRouteStatus>>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub default_placement: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct ComponentRouteStatus {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub conditions: Option<Vec<k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition>>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub consuming_users: Option<Vec<String>>,
|
||||
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub current_hostnames: Option<Vec<String>>,
|
||||
|
||||
pub default_hostname: String,
|
||||
pub name: String,
|
||||
pub namespace: String,
|
||||
pub related_objects: Vec<ObjectReference>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Serialize, Clone, Debug)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct ObjectReference {
|
||||
pub group: String,
|
||||
pub name: String,
|
||||
pub namespace: String,
|
||||
pub resource: String,
|
||||
}
|
||||
|
||||
@@ -1,2 +1,3 @@
|
||||
pub mod nmstate;
|
||||
pub mod route;
|
||||
pub mod ingresses_config;
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
use k8s_openapi::apimachinery::pkg::apis::meta::v1::{ListMeta, ObjectMeta, Time};
|
||||
use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString;
|
||||
use k8s_openapi::{NamespaceResourceScope, Resource};
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
|
||||
@@ -7,11 +7,14 @@ use harmony::{
|
||||
};
|
||||
use log::{error, info, log_enabled};
|
||||
use std::io::Write;
|
||||
use std::sync::Mutex;
|
||||
use std::sync::{Mutex, OnceLock};
|
||||
|
||||
pub fn init() {
|
||||
configure_logger();
|
||||
handle_events();
|
||||
static INITIALIZED: OnceLock<()> = OnceLock::new();
|
||||
INITIALIZED.get_or_init(|| {
|
||||
configure_logger();
|
||||
handle_events();
|
||||
});
|
||||
}
|
||||
|
||||
fn configure_logger() {
|
||||
|
||||
Reference in New Issue
Block a user