Merge pull request #61 from openinfradev/rearch_tks_portal
feature. remove servicemesh-portal from depod.
seungkyua authored Mar 25, 2022
2 parents 407e645 + 7c81aaa commit 99f3ba2
Showing 1 changed file with 35 additions and 148 deletions.
183 changes: 35 additions & 148 deletions deploy_apps/tks-service-mesh-dashboard-wftpl.yaml
Expand Up @@ -8,11 +8,11 @@ spec:
arguments:
parameters:
- name: cluster_id
value: "04a70f29-4174-490b-9b2b-7008967f7d7d"
value: "0f4d64b7-d0c8-4e0a-a8cf-49091406a145"
- name: app_prefix
value: "{{=sprig.substr(0, 8, workflow.parameters.cluster_id)}}"
- name: aws_load_balancer
value: "04a70f29-lb-661037456.ap-northeast-2.elb.amazonaws.com"
value: "ab1244140412948c9a8964d583497c5e-069753166a16f89f.elb.ap-northeast-2.amazonaws.com"
- name: zone_id
value: "Z104697219C1N0592X9B3"
- name: service_domain
Expand All @@ -27,13 +27,12 @@ spec:
value: "cluster.local"
- name: service_cert_secret_name
value: "taco-cat-tls"
- name: site_name
value: "{{ workflow.parameters.cluster_id }}"
- name: manifest_repo_url
value: "https://github.com/tks-management/04a70f29-4174-490b-9b2b-7008967f7d7d-manifests"
- name: revision
value: "main"


volumes:
- name: kubeconfig-adm
secret:
secretName: tks-admin-kubeconfig-secret

templates:
#=========================================================
# Template Pipeline
Expand Down Expand Up @@ -287,22 +286,8 @@ spec:
- name: app_port
value: 9110

# Create TKS-PORTAL
- - name: get-keycloak-client-secret
template: get-keycloak-client-secret
arguments:
parameters:
- name: realms
value: "{{workflow.parameters.app_prefix}}"
- name: keycloak_namespace
value: "{{workflow.parameters.keycloak_namespace}}"
- name: keycloak_instance_name
value: "{{workflow.parameters.keycloak_instance_name}}"
- name: keycloak_url
value: "{{workflow.parameters.keycloak_url}}"

- - name: update-site-values
template: update-site-values
- - name: install-servicemesh-portal
template: install-servicemesh-portal
arguments:
parameters:
- name: realms
Expand All @@ -316,18 +301,7 @@ spec:
- name: service_domain
value: "{{workflow.parameters.service_domain}}"
- name: client_secret
value: "{{steps.get-keycloak-client-secret.outputs.parameters.client_secret}}"

- - name: create-application-portal
templateRef:
name: create-application
template: installApps
arguments:
parameters:
- name: list
value: |
[ { "app_group": "service-mesh", "path": "servicemesh-portal","namespace": "istio-system","target_cluster": "" } ]
value: "4HD80RVTQhkHTtb2eOqXocoP6bF3Vr7A"


#=========================================================
Expand Down Expand Up @@ -949,70 +923,7 @@ spec:
retryStrategy:
limit: 2

- name: get-keycloak-client-secret
inputs:
parameters:
- name: realms
- name: keycloak_namespace
- name: keycloak_instance_name
- name: keycloak_url
outputs:
parameters:
- name: client_secret
valueFrom:
path: /mnt/out/client_secret.txt
volumes:
- name: out
emptyDir: {}
container:
name: create-group
image: 'portainer/kubectl-shell:latest-v1.21.1-amd64'
volumeMounts:
- name: out
mountPath: /mnt/out
command:
- /bin/bash
- '-c'
- |
function log() {
level=$1
msg=$2
date=$(date '+%F %H:%M:%S')
echo "[$date] $level $msg"
}
REALMS={{inputs.parameters.realms}}
KEYCLOAK_NAMESPACE={{inputs.parameters.keycloak_namespace}}
KEYCLOAK_INSTANCE_NAME={{inputs.parameters.keycloak_instance_name}}
KEYCLOAK_URL={{inputs.parameters.keycloak_url}}
ADMIN_USERNAME=$(kubectl get secrets -n ${KEYCLOAK_NAMESPACE} credential-${KEYCLOAK_INSTANCE_NAME} -o jsonpath='{.data.ADMIN_USERNAME}' | base64 -d)
ADMIN_PASSWORD=$(kubectl get secrets -n ${KEYCLOAK_NAMESPACE} credential-${KEYCLOAK_INSTANCE_NAME} -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d)
TOKEN=""
function get_token() {
TOKEN=$(curl -s POST https://${KEYCLOAK_URL}/auth/realms/master/protocol/openid-connect/token \
-d client_id=admin-cli -d grant_type=password \
-d username=${ADMIN_USERNAME} -d password=${ADMIN_PASSWORD} \
| jq -r '.access_token')
}
get_token
ID_OF_CLIENT=$(curl -s GET https://${KEYCLOAK_URL}/auth/admin/realms/${REALMS}/clients \
-H "Content-Type: application/json" -H "Authorization: Bearer ${TOKEN}" \
| jq '.[]' | jq -r 'select(.clientId == "portal" )'.id )
echo "ID_OF_CLIENT : $ID_OF_CLIENT"
get_token
SECRET=$(curl -s GET https://${KEYCLOAK_URL}/auth/admin/realms/${REALMS}/clients/$ID_OF_CLIENT/client-secret \
-H "Content-Type: application/json" -H "Authorization: Bearer ${TOKEN}" \
| jq -r .value )
echo $SECRET > /mnt/out/client_secret.txt
log "INFO" "get secrets. $SECRET"
activeDeadlineSeconds: 900
retryStrategy:
limit: 2

- name: update-site-values
- name: install-servicemesh-portal
inputs:
parameters:
- name: realms
Expand All @@ -1022,60 +933,36 @@ spec:
- name: service_domain
- name: client_secret
container:
name: 'updateSiteValues'
image: docker.io/sktcloud/ghcli-alpine:2.0.0
name: 'install-servicemesh-portal'
image: 'portainer/kubectl-shell:latest-v1.21.1-amd64'
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -ecx
- |
function log() {
level=$1
msg=$2
date=$(date '+%F %H:%M:%S')
echo "[$date] $level $msg"
}
mkdir ~/.kube
cp /kube/value ~/.kube/config
DASHBOARD_URL=dashboard-${REALMS}.${SERVICE_DOMAIN}
echo "DASHBOARD_URL : ${DASHBOARD_URL}"
echo $TOKEN | gh auth login --with-token
git clone https://$(echo -n $TOKEN)@github.com/${USERNAME}/${CLUSTER_ID}.git
cd $CLUSTER_ID
## Replace site-values with fetched params ##
sed -i "s/username:\ CHANGEME/username: $KEYCLOAK_ID/g" $CLUSTER_ID/service-mesh/site-values.yaml
sed -i "s/password:\ CHANGEME/password: $KEYCLOAK_PASSWORD/g" $CLUSTER_ID/service-mesh/site-values.yaml
sed -i "s/auth-server-url:\ CHANGEME/auth-server-url: https:\/\/$KEYCLOAK_URL\/auth/g" $CLUSTER_ID/service-mesh/site-values.yaml
sed -i "s/url:\ CHANGEME/url: https:\/\/$DASHBOARD_URL/g" $CLUSTER_ID/service-mesh/site-values.yaml
sed -i "s/secret:\ CHANGEME/secret: $CLIENT_SECRET/g" $CLUSTER_ID/service-mesh/site-values.yaml
sed -i "s/realm:\ CHANGEME/realm: $REALMS/g" $CLUSTER_ID/service-mesh/site-values.yaml
git config --global user.email "[email protected]"
git config --global user.name "SKTelecom TACO"
if [ -n "$(git status --porcelain)" ]; then
echo "there are changes";
git add $CLUSTER_ID/service-mesh/site-values.yaml
git commit -m "update new ${CLUSTER_ID} site"
git branch -M main
git remote set-url origin https://$(echo -n $TOKEN)@github.com/${USERNAME}/${CLUSTER_ID}
git remote -v
git push -u origin main
# buffer for starting the github action
sleep 30
# waiting for complete of the github action
gh run list --workflow GenerateYaml --limit 1
gh run watch $(gh run list --workflow GenerateYaml --limit 1| grep $CLUSTER_ID | awk -F push '{print $2}' | awk '{print $1}')
else
echo "no changes";
fi
kubectl get secret -n ${CLUSTER_ID} ${CLUSTER_ID}-kubeconfig -o=jsonpath='{.data.value}' | base64 -d > ~/.kube/config
DASHBOARD_URL=https://dashboard-${REALMS}.${SERVICE_DOMAIN}
log "INFO" "update site-values."
envFrom:
- secretRef:
name: "github-tks-mgmt-token"
helm repo add openinfradev https://openinfradev.github.io/helm-repo
helm repo update
helm upgrade -i servicemesh-portal -n istio-system --wait \
--set application.tks.admin.username=${KEYCLOAK_ID} \
--set application.tks.admin.password=${KEYCLOAK_PASSWORD} \
--set application.tks.url=${DASHBOARD_URL} \
--set application.keycloak.realm=${REALMS} \
--set application.keycloak.credentials.secret=${CLIENT_SECRET} \
--set application.keycloak.auth-server-url=https://${KEYCLOAK_URL}/auth \
openinfradev/servicemesh-portal
kubectl rollout restart deployment servicemesh-portal -n istio-system
volumeMounts:
- name: kubeconfig-adm
mountPath: "/kube"
env:
- name: CLUSTER_ID
value: "{{workflow.parameters.cluster_id}}"
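Review bot: The `client_secret` argument of the `install-servicemesh-portal` step now appears to be a literal Keycloak client secret committed in the template, where the earlier version read it from a step output at run time. Anyone who can read the repository or the Workflow object can read it, so the value should be rotated and supplied from a Kubernetes Secret instead, for example through `valueFrom.secretKeyRef` on the container's `CLIENT_SECRET` env entry as sketched below. The container also runs `/bin/bash -ecx`, so the `helm upgrade` line carrying `--set application.tks.admin.password=...` and `--set application.keycloak.credentials.secret=...` is likely echoed with expanded values into the pod log; a `set +x` before that command would avoid it. The `env:` list continues past the visible end of the section, so how `CLIENT_SECRET` is currently wired cannot be confirmed from here.

```yaml
# … unchanged: container name, image, command and script …
env:
  - name: CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: <KEYCLOAK_CLIENT_SECRET_NAME>  # placeholder: Secret holding the portal client secret
        key: <SECRET_KEY>                    # placeholder: key inside that Secret
# … unchanged: CLUSTER_ID and remaining env entries …
```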
