Skip to content

Commit

Permalink
sync upstream changes
Browse files Browse the repository at this point in the history
  • Loading branch information
@tapas4java
tapas4java committed Oct 11, 2024
2 parents 29bf55a + 5a13582 commit 16dfadf
Show file tree
Hide file tree
Showing 39 changed files with 319 additions and 68 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/pr.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,9 @@ jobs:
- name: Run tests
run: |
make build
if [[ -n $(git status --porcelain) ]]; then
echo "git is in dirty state";
git status --porcelain=2 --branch
exit 1
fi
make test
9 changes: 6 additions & 3 deletions pkg/build/templates/coredns/cm-coredns-default.yaml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,12 @@ metadata:
namespace: kube-system
data:
default.conf: |
# subdomain names resolves to ingress IP. e.g. gitea.cnoe.localtest.me becomes ingress-nginx-controller.ingress-nginx.svc.cluster.local
# Goal: Rewrite rules for in-cluster access to a service: gitea, argocd, etc using the same FQDN as for external access

# subdomain names e.g. gitea.cnoe.localtest.me resolves to the IP address of the kubernetes ingress service and then will become ingress-nginx-controller.ingress-nginx.svc.cluster.local
rewrite stop {
name regex (.*).{{ .Host }} ingress-nginx-controller.ingress-nginx.svc.cluster.local
name regex (.*).{{ .Host }} ingress-nginx-controller.ingress-nginx.svc.cluster.local answer auto
}
# host name resolves to ingress IP

# host name resolves to the IP address of the kubernetes ingress service
rewrite name exact {{ .Host }} ingress-nginx-controller.ingress-nginx.svc.cluster.local
11 changes: 1 addition & 10 deletions pkg/controllers/gitrepository/controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ package gitrepository

import (
"context"
"crypto/tls"
"errors"
"fmt"
"net"
Expand Down Expand Up @@ -73,15 +72,7 @@ func getFallbackRepositoryURL(repo *v1alpha1.GitRepository, info repoInfo) strin
func GetGitProvider(ctx context.Context, repo *v1alpha1.GitRepository, kubeClient client.Client, scheme *runtime.Scheme, tmplConfig util.CorePackageTemplateConfig) (gitProvider, error) {
switch repo.Spec.Provider.Name {
case v1alpha1.GitProviderGitea:
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
DialContext: (&net.Dialer{
Timeout: gitTCPTimeout,
KeepAlive: 30 * time.Second, // from http.DefaultTransport
}).DialContext,
}
c := &http.Client{Transport: tr, Timeout: gitHTTPTimeout}
giteaClient, err := NewGiteaClient(repo.Spec.Provider.GitURL, gitea.SetHTTPClient(c))
giteaClient, err := NewGiteaClient(repo.Spec.Provider.GitURL, gitea.SetHTTPClient(util.GetHttpClient()))
if err != nil {
return nil, err
}
Expand Down
141 changes: 114 additions & 27 deletions pkg/controllers/localbuild/gitea.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,28 +2,33 @@ package localbuild

import (
"context"
"crypto/tls"
"embed"
"encoding/base64"
"fmt"
"net/http"
"time"

"code.gitea.io/sdk/gitea"
"github.com/adhar-io/adhar/api/v1alpha1"
"github.com/adhar-io/adhar/pkg/k8s"
"github.com/adhar-io/adhar/pkg/util"
corev1 "k8s.io/api/core/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/log"
)

const (
// hardcoded values from what we have in the yaml installation file.
giteaNamespace = "gitea"
giteaAdminSecret = "gitea-credential"
giteaNamespace = "gitea"
giteaAdminSecret = "gitea-credential"
giteaAdminTokenName = "admin"
giteaAdminTokenFieldName = "token"
// this is the URL accessible outside cluster. resolves to localhost
giteaIngressURL = "%s://gitea.adhar.localtest.me:%s"
// this is the URL accessible within cluster for ArgoCD to fetch resources.
Expand All @@ -38,11 +43,7 @@ func RawGiteaInstallResources(templateData any, config v1alpha1.PackageCustomiza
return k8s.BuildCustomizedManifests(config.FilePath, "resources/gitea/k8s", installGiteaFS, scheme, templateData)
}

func newGiteaAdminSecret() (corev1.Secret, error) {
pass, err := util.GeneratePassword()
if err != nil {
return corev1.Secret{}, err
}
func giteaAdminSecretObject() corev1.Secret {
return corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
Expand All @@ -52,11 +53,20 @@ func newGiteaAdminSecret() (corev1.Secret, error) {
Name: giteaAdminSecret,
Namespace: giteaNamespace,
},
StringData: map[string]string{
"username": v1alpha1.GiteaAdminUserName,
"password": pass,
},
}, nil
}
}

func newGiteaAdminSecret() (corev1.Secret, error) {
pass, err := util.GeneratePassword()
if err != nil {
return corev1.Secret{}, err
}
obj := giteaAdminSecretObject()
obj.StringData = map[string]string{
"username": v1alpha1.GiteaAdminUserName,
"password": pass,
}
return obj, nil
}

func (r *LocalbuildReconciler) ReconcileGitea(ctx context.Context, req ctrl.Request, resource *v1alpha1.Localbuild) (ctrl.Result, error) {
Expand All @@ -75,13 +85,25 @@ func (r *LocalbuildReconciler) ReconcileGitea(ctx context.Context, req ctrl.Requ
},
}

giteCreds, err := newGiteaAdminSecret()
sec := giteaAdminSecretObject()
err := r.Client.Get(ctx, types.NamespacedName{
Namespace: sec.GetNamespace(),
Name: sec.GetName(),
}, &sec)

if err != nil {
return ctrl.Result{}, fmt.Errorf("generating gitea admin secret: %w", err)
if k8serrors.IsNotFound(err) {
giteaCreds, err := newGiteaAdminSecret()
if err != nil {
return ctrl.Result{}, fmt.Errorf("generating gitea admin secret: %w", err)
}
gitea.unmanagedResources = []client.Object{&giteaCreds}
sec = giteaCreds
} else {
return ctrl.Result{}, fmt.Errorf("getting gitea secret: %w", err)
}
}

gitea.unmanagedResources = []client.Object{&giteCreds}

v, ok := resource.Spec.PackageConfigs.CorePackageCustomization[v1alpha1.GiteaPackageName]
if ok {
gitea.customization = v
Expand All @@ -94,16 +116,8 @@ func (r *LocalbuildReconciler) ReconcileGitea(ctx context.Context, req ctrl.Requ
baseUrl := giteaBaseUrl(r.Config)
// need this to ensure gitrepository controller can reach the api endpoint.
logger.V(1).Info("checking gitea api endpoint", "url", baseUrl)
c := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
},
Timeout: 2 * time.Second,
}
c := util.GetHttpClient()
resp, err := c.Get(baseUrl)

if err != nil {
return ctrl.Result{}, err
}
Expand All @@ -115,6 +129,11 @@ func (r *LocalbuildReconciler) ReconcileGitea(ctx context.Context, req ctrl.Requ
}
}

err = r.setGiteaToken(ctx, sec, baseUrl)
if err != nil {
return ctrl.Result{}, fmt.Errorf("creating gitea token: %w", err)
}

resource.Status.Gitea.ExternalURL = baseUrl
resource.Status.Gitea.InternalURL = giteaInternalBaseUrl(r.Config)
resource.Status.Gitea.AdminUserSecretName = giteaAdminSecret
Expand All @@ -123,6 +142,74 @@ func (r *LocalbuildReconciler) ReconcileGitea(ctx context.Context, req ctrl.Requ
return ctrl.Result{}, nil
}

func (r *LocalbuildReconciler) setGiteaToken(ctx context.Context, secret corev1.Secret, baseUrl string) error {
_, ok := secret.Data[giteaAdminTokenFieldName]
if ok {
return nil
}

u := unstructured.Unstructured{}
u.SetName(giteaAdminSecret)
u.SetNamespace(giteaNamespace)
u.SetGroupVersionKind(corev1.SchemeGroupVersion.WithKind("Secret"))

user, ok := secret.Data["username"]
if !ok {
return fmt.Errorf("username field not found in gitea secret")
}

pass, ok := secret.Data["password"]
if !ok {
return fmt.Errorf("password field not found in gitea secret")
}

t, err := getGiteaToken(ctx, baseUrl, string(user), string(pass))
if err != nil {
return fmt.Errorf("getting gitea token: %w", err)
}

token := base64.StdEncoding.EncodeToString([]byte(t))
err = unstructured.SetNestedField(u.Object, token, "data", giteaAdminTokenFieldName)
if err != nil {
return fmt.Errorf("setting gitea token field: %w", err)
}

return r.Client.Patch(ctx, &u, client.Apply, client.ForceOwnership, client.FieldOwner(v1alpha1.FieldManager))
}

func getGiteaToken(ctx context.Context, baseUrl, username, password string) (string, error) {

giteaClient := gitea.NewClientWithHTTP(baseUrl, util.GetHttpClient())
giteaClient.SetBasicAuth(username, password)
giteaClient.SetContext(ctx)
tokens, resp, err := giteaClient.ListAccessTokens(gitea.ListAccessTokensOptions{})
if err != nil {
return "", fmt.Errorf("listing gitea access tokens. status: %s error : %w", resp.Status, err)
}

for i := range tokens {
if tokens[i].Name == giteaAdminTokenName {
resp, err := giteaClient.DeleteAccessToken(tokens[i].ID)
if err != nil {
return "", fmt.Errorf("deleting gitea access tokens. status: %s error : %w", resp.Status, err)
}
break
}
}

token, resp, err := giteaClient.CreateAccessToken(gitea.CreateAccessTokenOption{
Name: giteaAdminTokenName,
Scopes: []gitea.AccessTokenScope{
gitea.AccessTokenScopeAll,
},
})
if err != nil {
return "", fmt.Errorf("deleting gitea access tokens. status: %s error : %w", resp.Status, err)
}

return token.Token, nil
}

func giteaBaseUrl(config util.CorePackageTemplateConfig) string {
return fmt.Sprintf(giteaIngressURL, config.Protocol, config.Port)
}
Expand Down
15 changes: 15 additions & 0 deletions pkg/util/util.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,16 @@ package util
import (
"context"
"crypto/rand"
"crypto/tls"
"fmt"
"math"
"math/big"
mathrand "math/rand"
"net"
"net/http"
"path/filepath"
"strings"
"time"

"github.com/adhar-io/adhar/api/v1alpha1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
Expand Down Expand Up @@ -133,3 +137,14 @@ func IsYamlFile(input string) bool {
extension := filepath.Ext(input)
return extension == ".yaml" || extension == ".yml"
}

func GetHttpClient() *http.Client {
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
DialContext: (&net.Dialer{
Timeout: 5 * time.Second,
KeepAlive: 30 * time.Second, // from http.DefaultTransport
}).DialContext,
}
return &http.Client{Transport: tr, Timeout: 30 * time.Second}
}
1 change: 1 addition & 0 deletions platform/stack/adhar-appset-charts.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ spec:
name: "{{ .name }}"
labels:
environment: "{{ .environment }}"
cnoe.io/package-name: adhar-stack
spec:
project: default
sources:
Expand Down
11 changes: 8 additions & 3 deletions platform/stack/environments/local/config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,13 @@ packages:
install: "true"
manifestPath: "application/argo-workflows"
isChart: "true"
- name: backstage
- name: adhar-console
namespace: backstage
install: "true"
manifestPath: "application/backstage"
isChart: "true"
manifestPath: "core/adhar-console"
isChart: "true"
- name: adhar-templates
namespace: backstage
install: "true"
manifestPath: "application/adhar-templates"
isChart: "false"
2 changes: 1 addition & 1 deletion ...pp-with-bucket/skeleton/catalog-info.yaml → ...pp-with-bucket/skeleton/catalog-info.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ metadata:
backstage.io/kubernetes-namespace: default
argocd/app-name: ${{values.name | dump}}
links:
- url: https://cnoe.localtest.me:8443/gitea
- url: https://adhar.localtest.me:8443/gitea
title: Repo URL
icon: github
spec:
Expand Down
0 ...templates/app-with-bucket/skeleton/go.mod → ...templates/app-with-bucket/skeleton/go.mod
View file
File renamed without changes.
0 ...keleton/kustomize/base/kustomization.yaml → ...keleton/kustomize/base/kustomization.yaml
View file
File renamed without changes.
0 ...bucket/skeleton/kustomize/base/nginx.yaml → ...bucket/skeleton/kustomize/base/nginx.yaml
View file
File renamed without changes.
0 ...skeleton/kustomize/dev/kustomization.yaml → ...skeleton/kustomize/dev/kustomization.yaml
View file
File renamed without changes.
0 ...keleton/kustomize/prod/kustomization.yaml → ...keleton/kustomize/prod/kustomization.yaml
View file
File renamed without changes.
0 ...emplates/app-with-bucket/skeleton/main.go → ...emplates/app-with-bucket/skeleton/main.go
View file
File renamed without changes.
0 ...e-templates/app-with-bucket/template.yaml → ...r-templates/app-with-bucket/template.yaml
View file
File renamed without changes.
2 changes: 1 addition & 1 deletion ...emplates/basic/skeleton/catalog-info.yaml → ...emplates/basic/skeleton/catalog-info.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ metadata:
backstage.io/kubernetes-namespace: default
argocd/app-name: ${{values.name | dump}}
links:
- url: https://cnoe.localtest.me:8443/gitea
- url: https://adhar.localtest.me:8443/gitea
title: Repo URL
icon: github
spec:
Expand Down
0 .../basic/skeleton/manifests/deployment.yaml → .../basic/skeleton/manifests/deployment.yaml
View file
File renamed without changes.
0 ...n/backstage-templates/basic/template.yaml → ...ation/adhar-templates/basic/template.yaml
View file
File renamed without changes.
0 ...ion/backstage-templates/catalog-info.yaml → ...ication/adhar-templates/catalog-info.yaml
View file
File renamed without changes.
0 ...ackages/application/backstage/.helmignore → ...k/packages/core/adhar-console/.helmignore
View file
File renamed without changes.
4 changes: 2 additions & 2 deletions ...packages/application/backstage/Chart.yaml → ...ck/packages/core/adhar-console/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v2
name: backstage
description: Helm chart for CNOE backstage ref implementation
name: adhar-console
description: Helm chart for ADHAR backstage ref implementation

# A chart can be either an 'application' or a 'library' chart.
#
Expand Down
0 ...e/templates/backstage/argocd-secrets.yaml → ...e/templates/backstage/argocd-secrets.yaml
View file
File renamed without changes.
4 changes: 2 additions & 2 deletions ...stage/templates/backstage/config-map.yaml → ...nsole/templates/backstage/config-map.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,10 @@ metadata:
data:
app-config.yaml: |
app:
title: CNOE Backstage
title: Adhar Backstage
baseUrl: https://{{ .Values.networking.host }}:{{ .Values.networking.port }}
organization:
name: CNOE
name: Adhar
backend:
# Used for enabling authentication, secret is shared by all backend plugins
# See https://backstage.io/docs/tutorials/backend-to-backend-auth for
Expand Down
0 ...stage/templates/backstage/deployment.yaml → ...nsole/templates/backstage/deployment.yaml
View file
File renamed without changes.
0 ...ackstage/templates/backstage/ingress.yaml → ...-console/templates/backstage/ingress.yaml
View file
File renamed without changes.
0 ...n/backstage/templates/backstage/rbac.yaml → ...har-console/templates/backstage/rbac.yaml
View file
File renamed without changes.
0 ...backstage/templates/backstage/secret.yaml → ...r-console/templates/backstage/secret.yaml
View file
File renamed without changes.
0 ...ackstage/templates/backstage/service.yaml → ...-console/templates/backstage/service.yaml
View file
File renamed without changes.
0 ...e/templates/backstage/serviceaccount.yaml → ...e/templates/backstage/serviceaccount.yaml
View file
File renamed without changes.
0 ...emplates/postgresql/external-secrets.yaml → ...emplates/postgresql/external-secrets.yaml
View file
File renamed without changes.
0 ...ckstage/templates/postgresql/service.yaml → ...console/templates/postgresql/service.yaml
View file
File renamed without changes.
0 ...ge/templates/postgresql/stateful-set.yaml → ...le/templates/postgresql/stateful-set.yaml
View file
File renamed without changes.
0 ...ackages/application/backstage/values.yaml → ...k/packages/core/adhar-console/values.yaml
View file
File renamed without changes.
0 ...tack/packages/core/adhar-console/.gitkeep → ...ges/core/open-cluster-management/.gitkeep
View file
File renamed without changes.
0 platform/stack/packages/core/ocm/.gitkeep → ...form/stack/packages/core/sveltos/.gitkeep
View file
File renamed without changes.
0 ...ack/packages/infrastructure/capi/.gitkeep → ...m/stack/packages/data/opensearch/.gitkeep
View file
File renamed without changes.
8 changes: 4 additions & 4 deletions platform/stack/packages/security/keycloak/templates/secret-gen.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,13 @@ spec:
cnoe.io/package-name: keycloak
engineVersion: v2
data:
KEYCLOAK_ADMIN_PASSWORD: password #"{{.KEYCLOAK_ADMIN_PASSWORD}}"
KEYCLOAK_ADMIN_PASSWORD: "{{.KEYCLOAK_ADMIN_PASSWORD}}"
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: password #"{{.KC_DB_PASSWORD}}"
KC_DB_PASSWORD: "{{.KC_DB_PASSWORD}}"
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password #"{{.KC_DB_PASSWORD}}"
USER_PASSWORD: password #"{{.USER_PASSWORD}}"
POSTGRES_PASSWORD: "{{.KC_DB_PASSWORD}}"
USER_PASSWORD: "{{.USER_PASSWORD}}"
dataFrom:
- sourceRef:
generatorRef:
Expand Down
Loading

0 comments on commit 16dfadf

Please sign in to comment.