From 16e23b7907ac1452a5c0dac0107e7f509f78fe64 Mon Sep 17 00:00:00 2001 From: awendt Date: Fri, 22 Mar 2024 16:54:26 -0600 Subject: [PATCH] fix: gitlab redis secret fix (#44) chore: update uds tasks to use ./uds chore: remove core dns package --- bundles/uds-core-swf/uds-bundle.yaml | 9 +-- packages/gitlab-redis/zarf.yaml | 2 +- .../idam-dns/files/coredns-add-hostname.sh | 79 ------------------- packages/idam-dns/zarf.yaml | 22 ------ tasks.yaml | 1 - tasks/create.yaml | 23 +++--- 6 files changed, 11 insertions(+), 125 deletions(-) delete mode 100755 packages/idam-dns/files/coredns-add-hostname.sh delete mode 100644 packages/idam-dns/zarf.yaml diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml index fa24804c..9d60b086 100644 --- a/bundles/uds-core-swf/uds-bundle.yaml +++ b/bundles/uds-core-swf/uds-bundle.yaml @@ -244,7 +244,7 @@ packages: # Gitlab Runner - name: gitlab-runner repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner - ref: 16.8.0-uds.0-registry1 + ref: 16.9.1-uds.2-registry1 # Sonarqube - name: sonarqube-database-secret @@ -346,10 +346,3 @@ packages: - name: nexus repository: ghcr.io/defenseunicorns/packages/uds/nexus ref: 3.64.0-uds.1-registry1 - - # Add all virtualservices as internal dns entries for auth callbacks - - name: software-factory-idam-dns - path: ../../build - ref: 1.0.0 - optionalComponents: - - create-internal-dns-entries diff --git a/packages/gitlab-redis/zarf.yaml b/packages/gitlab-redis/zarf.yaml index 6ec9d730..18941d02 100644 --- a/packages/gitlab-redis/zarf.yaml +++ b/packages/gitlab-redis/zarf.yaml @@ -11,7 +11,7 @@ components: actions: onDeploy: before: - - cmd: kubectl get secret -n dev-redis redis --template='{{ index .data "redis-password" }}' | base64 -d + - cmd: ./zarf tools kubectl get secret -n dev-redis redis --template='{{ index .data "redis-password" }}' | base64 -d mute: true setVariables: - name: REDIS_PASSWORD 
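Review bot: In the `before` action of packages/gitlab-redis/zarf.yaml the new command still pipes kubectl into `base64 -d`, so the step's exit status is that of `base64`. Unless the action shell enables pipefail, a failed lookup (missing secret, wrong namespace, insufficient RBAC) can leave REDIS_PASSWORD set to an empty string instead of failing the deploy. Decoding inside the template removes the pipe, so kubectl's own exit code decides the outcome: `- cmd: ./zarf tools kubectl get secret -n dev-redis redis --template='{{ index .data "redis-password" | base64decode }}'`. The `setVariables` entry continues past the end of the hunk, so it is not visible whether REDIS_PASSWORD is declared `sensitive: true`; if it is not, add it alongside `mute: true` so the value stays out of deploy logs.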
diff --git a/packages/idam-dns/files/coredns-add-hostname.sh b/packages/idam-dns/files/coredns-add-hostname.sh deleted file mode 100755 index 3bf8a2ac..00000000 --- a/packages/idam-dns/files/coredns-add-hostname.sh +++ /dev/null 
@@ -1,79 +0,0 @@ -#!/bin/bash - -NAMESPACE=kube-system -CONFIGMAP=rke2-coredns-rke2-coredns -DEPLOYMENT=rke2-coredns-rke2-coredns -TMP_FILE=tmp_cm.yaml - -# Get list of gateways and their ip's -GATEWAYS=$(kubectl get svc -n istio-system -l istio=ingressgateway --sort-by='{.metadata.name}' --output=jsonpath='{range .items[*]}{.metadata.name}{"_"}{.status.loadBalancer.ingress[0].ip}{"\n"}{end}' | sed 's/keycloak/passthrough/g') - -VIRTUALSERVICES=$(kubectl get vs -A -o=jsonpath='{range .items[*]}{.spec.gateways[*]}{"_"}{.spec.hosts[*]}{"\n"}{end}') - -MAPPED_HOSTS="" - -# Map virtualservices to their external ip -for gateway in $GATEWAYS; do - for vs in $VIRTUALSERVICES; do - if [ $(echo "$vs" | grep "$(echo $gateway | cut -d '-' -f1)" | wc -l) -gt 0 ]; then - MAPPED_HOSTS="$MAPPED_HOSTS$(echo $gateway | cut -d '_' -f2) $(echo $vs | cut -d '_' -f2)\n " - fi - done -done - -# Wrap the mapped hosts in comments for tracking -MAPPED_HOSTS="#swf-begin\n $MAPPED_HOSTS#swf-end" - -# dump corefile into variable -COREFILE=$(kubectl get cm -n $NAMESPACE $CONFIGMAP -o jsonpath='{ .data.Corefile }') - -# cleanup temp file if it exists -rm -f $TMP_FILE - -# Check if a hosts block exists -if [ ! 
$(kubectl get cm -n $NAMESPACE $CONFIGMAP -o yaml | grep "hosts.*{" | wc -l) -gt 0 ]; then - # if doesn't exist add hosts block after `kubernetes` block - - # build the string to insert - read -r -d '' INSERT_STRING << EOF - hosts { - $(echo -e "$MAPPED_HOSTS") - fallthrough - } -EOF - - echo insert string - echo -e "$INSERT_STRING" - - # escape newlines - INSERT_STRING="${INSERT_STRING//$'\n'/\\n}" - - # Create new Corefile with hosts block - COREFILE_NEW=$(echo "$COREFILE" | sed -Ez "s/kubernetes/$INSERT_STRING\n &/") -else - COREFILE="$(echo "$COREFILE" | sed -z 's/#swf-begin.*#swf-end//')" - # if exists add hostname and ip to existing hosts block - COREFILE_NEW=$(echo "$COREFILE" | sed -E "s/hosts.*/&\n $(echo "$MAPPED_HOSTS")/") -fi - -# build a configmap patch -cat << EOF > $TMP_FILE -data: - Corefile: | -$(while IFS= read -r line; do printf '%4s%s\n' '' "$line"; done <<< "$COREFILE_NEW") -EOF - -cat $TMP_FILE - -# apply the configmap -echo "Attempting to apply the following ConfigMap patch:" -echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~" -cat $TMP_FILE -echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~" -kubectl patch configmap -n $NAMESPACE $CONFIGMAP --patch-file $TMP_FILE - -# restart coredns -kubectl rollout restart -n $NAMESPACE deployment/$DEPLOYMENT - -# cleanup the tmp file -rm -f $TMP_FILE diff --git a/packages/idam-dns/zarf.yaml b/packages/idam-dns/zarf.yaml deleted file mode 100644 index 5927e8de..00000000 --- a/packages/idam-dns/zarf.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json -kind: ZarfPackageConfig -metadata: - name: software-factory-idam-dns - description: "Creates internal DNS entries for auth callbacks" - version: "1.0.0" - architecture: amd64 - -components: - - name: dns-script - required: true - files: - - source: files/coredns-add-hostname.sh - target: coredns-add-hostname.sh - executable: true - - - name: create-internal-dns-entries - required: false - actions: - onDeploy: - after: - - cmd: ./coredns-add-hostname.sh diff --git a/tasks.yaml b/tasks.yaml index 3180a44a..b27376ea 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -12,7 +12,6 @@ tasks: - task: create:database-manifest-packages - task: create:gitlab-redis-secret-package - task: create:namespaces-package - - task: create:idam-packages - task: create:object-store-packages - task: create:additional-manifests-package - task: create:bundle diff --git a/tasks/create.yaml b/tasks/create.yaml index a757b888..4854281b 100644 --- a/tasks/create.yaml +++ b/tasks/create.yaml 
@@ -14,39 +14,34 @@ tasks: - name: bundle description: Create the UDS Bundle with SWF on UDS Core actions: - - cmd: uds create ./bundles/uds-core-swf --architecture=${ARCH} --confirm + - cmd: ./uds create ./bundles/uds-core-swf --architecture=${ARCH} --confirm - cmd: mv ./bundles/uds-core-swf/uds-bundle-* ./build # Packages - name: database-manifest-packages description: Create database manifest packages actions: - - cmd: uds zarf package create ./packages/databases/confluence/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - - cmd: uds zarf package create ./packages/databases/gitlab/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - - cmd: uds zarf package create ./packages/databases/jira/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - - cmd: uds zarf package create ./packages/databases/sonarqube/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: ./uds zarf package create ./packages/databases/confluence/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: ./uds zarf package create ./packages/databases/gitlab/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: ./uds zarf package create ./packages/databases/jira/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: ./uds zarf package create ./packages/databases/sonarqube/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - name: gitlab-redis-secret-package description: Create package for the gitlab redis secret actions: - - cmd: uds zarf package create ./packages/gitlab-redis --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: ./uds zarf package create ./packages/gitlab-redis --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - name: namespaces-package description: 
Create the namespaces package actions: - - cmd: uds zarf package create ./packages/namespaces --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - - - name: idam-packages - description: Create the idam packages - actions: - - cmd: uds zarf package create ./packages/idam-dns --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: ./uds zarf package create ./packages/namespaces --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - name: object-store-packages description: Create the object storage packages actions: - - cmd: uds zarf package create ./packages/object-store/gitlab --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: ./uds zarf package create ./packages/object-store/gitlab --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - name: additional-manifests-package description: Create package create additional manifests needed. actions: - - cmd: uds zarf package create ./packages/additional-manifests --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: ./uds zarf package create ./packages/additional-manifests --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
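Review bot: The switch from `uds` to `./uds` on every `cmd:` line in tasks/create.yaml is undocumented, and `./uds` reads as "run whatever binary sits in the current checkout", which is a different trust decision from using the one on PATH. If, as I understand the UDS task runner, `./uds` is a token replaced with the path of the already-running uds executable, say so once near the top of the file, e.g. `# ./uds is resolved by the task runner to the running uds binary, not to a file in the working directory`. If it is instead resolved relative to the working directory, the comment should state where that binary comes from and how its version and checksum are pinned. The top of the file is outside this hunk, so such a comment may already exist there.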