From 4f4604e558befa528babc5adbe4b591d928ede3d Mon Sep 17 00:00:00 2001
From: indresh-28
Date: Mon, 29 Jan 2024 21:53:40 +0530
Subject: [PATCH 1/2] update cosign docker secrets
---
 .../internal/tekton/config_tekton_app.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/capten/config-worker/internal/tekton/config_tekton_app.go b/capten/config-worker/internal/tekton/config_tekton_app.go
index a06ca7a4..938da9ad 100644
--- a/capten/config-worker/internal/tekton/config_tekton_app.go
+++ b/capten/config-worker/internal/tekton/config_tekton_app.go
@@ -29,7 +29,8 @@ var (
 githubWebhook = "github-webhook-secret"
 argoCred = "argocd"
 crossplaneProjectConfig = "extraconfig"
- secrets = []string{gitCred, dockerCred, githubWebhook, argoCred, crossplaneProjectConfig}
+ cosignDockerSecret = "cosign-docker-secret"
+ secrets = []string{gitCred, dockerCred, githubWebhook, argoCred, crossplaneProjectConfig, cosignDockerSecret}
 pipelineNamespace = "tekton-pipelines"
 tektonChildTasks = []string{"tekton-cluster-tasks"}
 addPipeline = "add"
@@ -330,6 +331,20 @@ func (cp *TektonApp) createOrUpdateSecrets(ctx context.Context, req *model.Tekto return fmt.Errorf("failed to create/update k8s secret, %v", err) } + case cosignDockerSecret: + username, password, err := cp.helper.GetContainerRegCreds(ctx, + req.CredentialIdentifiers[agentmodel.Container].Identifier, req.CredentialIdentifiers[agentmodel.Container].Id) + if err != nil { + return fmt.Errorf("failed to get docker cfg secret, %v", err) + } + strdata["username"] = []byte(username) + strdata["password"] = []byte(password) + strdata["registry"] = []byte(req.CredentialIdentifiers[agentmodel.Container].Url) + if err := k8sclient.CreateOrUpdateSecret(ctx, pipelineNamespace, secName, + v1.SecretTypeOpaque, strdata, map[string]string{}); err != nil { + return fmt.Errorf("failed to create/update k8s secret, %v", err) + } + case gitCred, githubWebhook: username, token, err := cp.helper.GetGitCreds(ctx, req.CredentialIdentifiers[agentmodel.GitOrg].Id) if err != nil { From 2828729bac1013905f50cc36e400c31d4f16b5da Mon Sep 17 00:00:00 2001 From: indresh-28 Date: Tue, 30 Jan 2024 20:39:34 +0530 Subject: [PATCH 2/2] Update latest cluster files --- .../internal/capten-store/argocd_projects.go | 2 +- .../capten-store/crossplane_project.go | 2 +- .../internal/capten-store/tekton_projects.go | 2 +- .../internal/app_config/app_git_helper.go | 41 ++++++------------- .../crossplane/config_cluster_secrets.go | 4 +- .../internal/tekton/config_tekton_app.go | 27 +++++++----- server/pkg/agent/client.go | 2 +- 7 files changed, 35 insertions(+), 45 deletions(-) diff --git a/capten/agent/internal/capten-store/argocd_projects.go b/capten/agent/internal/capten-store/argocd_projects.go index 7eb3c0d7..8875f6fe 100644 --- a/capten/agent/internal/capten-store/argocd_projects.go +++ b/capten/agent/internal/capten-store/argocd_projects.go 
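Review bot: In the new `case cosignDockerSecret:` branch, `req.CredentialIdentifiers[agentmodel.Container]` is read three times and never checked, so a request without a container-registry entry would (if this is a map of values) pass empty identifiers to `GetContainerRegCreds` or write an empty `registry` key into the secret. Look the entry up once and reject a missing or empty one, e.g. `containerCred, ok := req.CredentialIdentifiers[agentmodel.Container]` followed by `if !ok || containerCred.Url == "" { return fmt.Errorf("container registry credential not provided") }`. The error text `failed to get docker cfg secret` does not name the cosign secret, and wrapping with `%w` instead of `%v` would keep the cause inspectable. Because this secret carries a registry password into `tekton-pipelines`, a short comment such as `// consumed by the cosign signing task; holds registry username/password` would help whoever reviews access to that namespace. The enclosing `createOrUpdateSecrets` starts and ends outside the hunk.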
@@ -68,7 +68,7 @@ func (a *Store) executeArgoCDProjectsSelectQuery(query string) ([]*model.ArgoCDP &project.Id, &project.GitProjectId, &project.Status, &project.LastUpdateTime) { gitProject, err := a.GetGitProjectForID(project.GitProjectId) if err != nil { - a.log.Errorf("argocd project %s not exist in git projects", project.GitProjectId) + a.log.Debugf("argocd project %s not exist in git projects, %v", project.GitProjectId, err) continue } diff --git a/capten/agent/internal/capten-store/crossplane_project.go b/capten/agent/internal/capten-store/crossplane_project.go index ff853128..ebe9e8e3 100644 --- a/capten/agent/internal/capten-store/crossplane_project.go +++ b/capten/agent/internal/capten-store/crossplane_project.go @@ -122,7 +122,7 @@ func (a *Store) executeCrossplaneProjectsSelectQuery(query string) ([]*model.Cro gitProject, err := a.GetGitProjectForID(project.GitProjectId) if err != nil { - a.log.Errorf("Crossplane project %s not exist in git projects", project.Id) + a.log.Debugf("Crossplane project %s not exist in git projects, %v", project.Id, err) continue } diff --git a/capten/agent/internal/capten-store/tekton_projects.go b/capten/agent/internal/capten-store/tekton_projects.go index a8ee4008..fe2206e2 100644 --- a/capten/agent/internal/capten-store/tekton_projects.go +++ b/capten/agent/internal/capten-store/tekton_projects.go @@ -123,7 +123,7 @@ func (a *Store) executeTektonProjectsSelectQuery(query string) ([]*model.TektonP &project.Id, &project.GitProjectId, &project.Status, &project.LastUpdateTime, &project.WorkflowId, &project.WorkflowStatus) { gitProject, err := a.GetGitProjectForID(project.Id) if err != nil { - a.log.Errorf("tekton project %s not exist in git projects", project.Id) + a.log.Debugf("tekton project %s not exist in git projects, %v", project.Id, err) continue } diff --git a/capten/config-worker/internal/app_config/app_git_helper.go b/capten/config-worker/internal/app_config/app_git_helper.go index 455439e8..846d73c4 100644 
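Review bot: Moving this lookup failure from `Errorf` to `Debugf` means any error returned by `GetGitProjectForID` (a missing row, but presumably also a store or connection failure) is no longer visible at default log levels, while the project is silently dropped from the result by `continue`. The same change is made in `executeCrossplaneProjectsSelectQuery` (crossplane_project.go) and `executeTektonProjectsSelectQuery` (tekton_projects.go). Consider keeping `Debugf` only for the not-found case and logging other errors at error level, or at least record the intent with a comment such as `// a project without a matching git project is expected here and skipped on purpose`. Separately, the tekton hunk's context calls `GetGitProjectForID(project.Id)` while the other two pass `project.GitProjectId`; that may be intentional but is worth confirming. All three functions continue outside their hunks.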
--- a/capten/config-worker/internal/app_config/app_git_helper.go +++ b/capten/config-worker/internal/app_config/app_git_helper.go @@ -46,9 +46,10 @@ type Config struct { var logger = logging.NewLogger() type AppGitConfigHelper struct { - cfg Config - gitClient *git.GitClient - accessToken string + cfg Config + gitClient *git.GitClient + argocdClient *argocd.ArgoCDClient + accessToken string } func NewAppGitConfigHelper() (*AppGitConfigHelper, error) { @@ -56,7 +57,11 @@ func NewAppGitConfigHelper() (*AppGitConfigHelper, error) { if err := envconfig.Process("", &cfg); err != nil { return nil, err } - return &AppGitConfigHelper{cfg: cfg, gitClient: git.NewClient()}, nil + argocdClient, err := argocd.NewClient(logger) + if err != nil { + return nil, err + } + return &AppGitConfigHelper{cfg: cfg, gitClient: git.NewClient(), argocdClient: argocdClient}, nil } func (ca *AppGitConfigHelper) GetGitCreds(ctx context.Context, projectId string) (string, string, error) { @@ -205,12 +210,7 @@ func (ca *AppGitConfigHelper) DeployMainApp(ctx context.Context, fileName string } func (ca *AppGitConfigHelper) SyncArgoCDApp(ctx context.Context, ns, resName string) error { - client, err := argocd.NewClient(logger) - if err != nil { - return err - } - - _, err = client.TriggerAppSync(ctx, ns, resName) + _, err := ca.argocdClient.TriggerAppSync(ctx, ns, resName) if err != nil { return err } @@ -219,17 +219,12 @@ func (ca *AppGitConfigHelper) SyncArgoCDApp(ctx context.Context, ns, resName str } func (ca *AppGitConfigHelper) DeleteArgoCDApp(ctx context.Context, ns, resName, mainApp string) error { - client, err := argocd.NewClient(logger) - if err != nil { - return err - } - // _, err = client.Delete(&model.DeleteRequestPayload{Namespace: ns, ReleaseName: resName}) // if err != nil { // return err // } - _, err = client.TriggerAppSync(ctx, ns, mainApp) + _, err := ca.argocdClient.TriggerAppSync(ctx, ns, mainApp) if err != nil { return err } 
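Review bot: `NewAppGitConfigHelper` now builds the ArgoCD client once, and every method (`SyncArgoCDApp`, `DeleteArgoCDApp`, and `CreateCluster` / `WaitForArgoCDToSync` in the later hunks) reuses `ca.argocdClient`, so whatever session or credential `argocd.NewClient` obtains is held for the helper's lifetime. If that client authenticates at construction (not visible here), an expired token or a rotated ArgoCD credential would make every call fail until the helper is recreated, and the constructor now also fails for callers that only need the git functions whenever ArgoCD is unreachable. A comment on the field, e.g. `// argocdClient is created once in NewAppGitConfigHelper and shared by all ArgoCD calls; it must be safe for concurrent use`, together with a note on how re-authentication is handled, would make the contract explicit. The bare `return nil, err` also loses which dependency failed; `return nil, fmt.Errorf("creating argocd client: %w", err)` would keep that.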
@@ -252,12 +247,7 @@ func (ca *AppGitConfigHelper) CreateCluster(ctx context.Context, id, clusterName return "", err } - client, err := argocd.NewClient(logger) - if err != nil { - return "", err - } - - err = client.CreateOrUpdateCluster(ctx, clusterName, cred[kubeConfig]) + err = ca.argocdClient.CreateOrUpdateCluster(ctx, clusterName, cred[kubeConfig]) if err != nil { return "", err } @@ -266,14 +256,9 @@ func (ca *AppGitConfigHelper) CreateCluster(ctx context.Context, id, clusterName } func (ca *AppGitConfigHelper) WaitForArgoCDToSync(ctx context.Context, ns, resName string) error { - client, err := argocd.NewClient(logger) - if err != nil { - return err - } - synched := false for i := 0; i < 3; i++ { - app, err := client.GetAppSyncStatus(ctx, ns, resName) + app, err := ca.argocdClient.GetAppSyncStatus(ctx, ns, resName) if err != nil { return fmt.Errorf("app %s synch staus fetch failed", resName) } diff --git a/capten/config-worker/internal/crossplane/config_cluster_secrets.go b/capten/config-worker/internal/crossplane/config_cluster_secrets.go index acde2bce..823e65b0 100644 --- a/capten/config-worker/internal/crossplane/config_cluster_secrets.go +++ b/capten/config-worker/internal/crossplane/config_cluster_secrets.go @@ -52,7 +52,7 @@ func (cp *CrossPlaneApp) configureExternalSecretsOnCluster(ctx context.Context, if err != nil { return fmt.Errorf("failed to create cluter vault token secret, %v", err) } - logger.Infof("create %s/%s on cluster cluster %s/%s", namespace, secretStoreName, clusterName) + logger.Infof("created %s/%s on cluster cluster %s", namespace, secretStoreName, clusterName) } for _, extSecret := range extSecrets { 
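Review bot: In `WaitForArgoCDToSync`, the error from `ca.argocdClient.GetAppSyncStatus` is discarded: the context line right after it returns `fmt.Errorf("app %s synch staus fetch failed", resName)` without `err`, so an authentication or connectivity failure against ArgoCD cannot be told apart from any other cause. Since the call line is being touched anyway, `return fmt.Errorf("app %s sync status fetch failed: %w", resName, err)` would carry the cause and fix the spelling. The loop body and the rest of the function continue outside the hunk.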
@@ -67,7 +67,7 @@ func (cp *CrossPlaneApp) configureExternalSecretsOnCluster(ctx context.Context, logger.Infof("failed to create vault external secret, %v", err) continue } - logger.Infof("create %s/%s on cluster cluster %s/%s", extSecret.Namespace, externalSecretName, clusterName) + logger.Infof("created %s/%s on cluster cluster %s", extSecret.Namespace, externalSecretName, clusterName) } return nil } diff --git a/capten/config-worker/internal/tekton/config_tekton_app.go b/capten/config-worker/internal/tekton/config_tekton_app.go index 938da9ad..a8b36e17 100644 --- a/capten/config-worker/internal/tekton/config_tekton_app.go +++ b/capten/config-worker/internal/tekton/config_tekton_app.go @@ -204,16 +204,14 @@ func (cp *TektonApp) deleteProjectAndApps(ctx context.Context, req *model.Tekton } func (cp *TektonApp) synchPipelineConfig(req *model.TektonPipelineUseCase, templateDir, reqRepo string) error { - if _, err := os.Stat(filepath.Join(reqRepo, cp.pluginConfig.TektonProject)); err != nil { - for _, config := range []string{cp.pluginConfig.TektonProject, filepath.Join(cp.pluginConfig.TektonPipelinePath, cp.pluginConfig.PipelineClusterConfigSyncPath)} { - err := copy.Copy(filepath.Join(templateDir, config), filepath.Join(reqRepo, config), - copy.Options{ - OnDirExists: func(src, dest string) copy.DirExistsAction { - return copy.Replace - }}) - if err != nil { - return fmt.Errorf("failed to copy dir from template to user repo, %v", err) - } + for _, config := range []string{cp.pluginConfig.TektonProject, filepath.Join(cp.pluginConfig.TektonPipelinePath, cp.pluginConfig.PipelineClusterConfigSyncPath)} { + err := copy.Copy(filepath.Join(templateDir, config), filepath.Join(reqRepo, config), + copy.Options{ + OnDirExists: func(src, dest string) copy.DirExistsAction { + return copy.Replace + }}) + if err != nil { + return fmt.Errorf("failed to copy dir from template to user repo, %v", err) } } 
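Review bot: With the `os.Stat` guard removed, `synchPipelineConfig` copies both template paths into `reqRepo` on every call with `OnDirExists` returning `copy.Replace`, so anything already present under `cp.pluginConfig.TektonProject` in the user repository is overwritten each time. If users are expected to edit those pipeline files, their changes are lost without a log line; if overwriting is the intent, say so with a comment such as `// the template is the source of truth: existing pipeline config in the user repo is replaced on every sync`. It is also worth checking that `os` is still used elsewhere in the file, since the removed `os.Stat` is its only use visible in this hunk. The function continues past the end of the hunk.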
@@ -378,9 +376,16 @@ func (cp *TektonApp) createOrUpdateSecrets(ctx context.Context, req *model.Tekto if err != nil { return fmt.Errorf("failed to get GetClusterCreds, %v", err) } + + projectURL := req.CredentialIdentifiers[agentmodel.CrossplaneGitProject].Url + projectURLParts := strings.Split(projectURL, "https://") + if len(projectURLParts) != 2 { + return fmt.Errorf("project url not in correct format, %s", projectURL) + } + strdata["GIT_USER_NAME"] = []byte(username) strdata["GIT_TOKEN"] = []byte(token) - strdata["GIT_PROJECT_URL"] = []byte(req.CredentialIdentifiers[agentmodel.CrossplaneGitProject].Url) + strdata["GIT_PROJECT_URL"] = []byte(projectURLParts[1]) strdata["APP_CONFIG_PATH"] = []byte(filepath.Join(cp.crossplanConfig.ClusterEndpointUpdates.ClusterDefaultAppValuesPath, req.CredentialIdentifiers[agentmodel.ManagedCluster].Url, "apps")) strdata["CLUSTER_CA"] = []byte(kubeCa) strdata["CLUSTER_ENDPOINT"] = []byte(kubeEndpoint) diff --git a/server/pkg/agent/client.go b/server/pkg/agent/client.go index 572369ed..f0cff663 100644 --- a/server/pkg/agent/client.go +++ b/server/pkg/agent/client.go @@ -77,7 +77,7 @@ func getConnection(cfg *Config, oryClient oryclient.OryClient) (*grpc.ClientConn } dialOptions := []grpc.DialOption{ - grpc.WithUnaryInterceptor(timeout.UnaryClientInterceptor(5 * time.Second)), + grpc.WithUnaryInterceptor(timeout.UnaryClientInterceptor(60 * time.Second)), } if cfg.AuthEnabled {
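Review bot: The new `strings.Split(projectURL, "https://")` check only verifies that the separator occurs exactly once, so a value with text in front of the scheme (`projectURLParts[0]` non-empty) or with an empty remainder passes, and the remainder is written to `GIT_PROJECT_URL` unvalidated. Anchor the scheme at the start instead, e.g. `rest, ok := strings.CutPrefix(projectURL, "https://")` followed by `if !ok || rest == "" { return fmt.Errorf("project url must start with https://") }`, or parse with `net/url` and check scheme and host. The current error message echoes the whole URL; if project URLs can carry userinfo, that would place a credential on the error path, so the message is better off without the value. `createOrUpdateSecrets` starts and ends outside the hunk.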
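Review bot: The unary timeout in `getConnection` goes from 5 to 60 seconds as a bare literal, with nothing recording why, and it applies to every unary call made over this connection. A named constant with a comment, e.g. `const agentUnaryTimeout = 60 * time.Second // long-running agent calls exceed the previous 5s limit`, or a field on `Config`, would document the choice and let short calls keep a tighter deadline through their own context. `getConnection` continues outside the hunk.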