openinfradev · seungkyua · Mar 25, 2022 · Mar 24, 2022
diff --git a/deploy_apps/tks-service-mesh-dashboard-wftpl.yaml b/deploy_apps/tks-service-mesh-dashboard-wftpl.yaml
@@ -8,11 +8,11 @@ spec:
   arguments:
     parameters:
     - name: cluster_id
-      value: "04a70f29-4174-490b-9b2b-7008967f7d7d"
+      value: "0f4d64b7-d0c8-4e0a-a8cf-49091406a145"
     - name: app_prefix
       value: "{{=sprig.substr(0, 8, workflow.parameters.cluster_id)}}"
     - name: aws_load_balancer
-      value: "04a70f29-lb-661037456.ap-northeast-2.elb.amazonaws.com"
+      value: "ab1244140412948c9a8964d583497c5e-069753166a16f89f.elb.ap-northeast-2.amazonaws.com"
     - name: zone_id
       value: "Z104697219C1N0592X9B3"
     - name: service_domain
@@ -27,13 +27,12 @@ spec:
       value: "cluster.local"
     - name: service_cert_secret_name
       value: "taco-cat-tls"
-    - name: site_name
-      value: "{{ workflow.parameters.cluster_id }}"
-    - name: manifest_repo_url
-      value: "https://github.com/tks-management/04a70f29-4174-490b-9b2b-7008967f7d7d-manifests"
-    - name: revision
-      value: "main"
-
+
+  volumes:
+  - name: kubeconfig-adm
+    secret:
+      secretName: tks-admin-kubeconfig-secret
+
   templates:
   #=========================================================
   # Template Pipeline
@@ -287,22 +286,8 @@ spec:
           - name: app_port
             value: 9110
 
-    # Create TKS-PORTAL
-    - - name: get-keycloak-client-secret
-        template: get-keycloak-client-secret
-        arguments:
-          parameters:
-          - name: realms
-            value: "{{workflow.parameters.app_prefix}}"
-          - name: keycloak_namespace
-            value: "{{workflow.parameters.keycloak_namespace}}"
-          - name: keycloak_instance_name
-            value: "{{workflow.parameters.keycloak_instance_name}}"
-          - name: keycloak_url
-            value: "{{workflow.parameters.keycloak_url}}"
-
-    - - name: update-site-values
-        template: update-site-values
+    - - name: install-servicemesh-portal
+        template: install-servicemesh-portal
         arguments:
           parameters:
           - name: realms
@@ -316,18 +301,7 @@ spec:
           - name: service_domain
             value: "{{workflow.parameters.service_domain}}"
           - name: client_secret
-            value: "{{steps.get-keycloak-client-secret.outputs.parameters.client_secret}}"
-
-    - - name: create-application-portal
-        templateRef:
-          name: create-application
-          template: installApps
-        arguments:
-          parameters: 
-          - name: list
-            value: |
-              [ { "app_group": "service-mesh", "path": "servicemesh-portal","namespace": "istio-system","target_cluster": "" } ]
-
+            value: "4HD80RVTQhkHTtb2eOqXocoP6bF3Vr7A"
 
 
   #=========================================================
@@ -949,70 +923,7 @@ spec:
     retryStrategy:
       limit: 2
 
-  - name: get-keycloak-client-secret
-    inputs:
-      parameters:
-      - name: realms
-      - name: keycloak_namespace
-      - name: keycloak_instance_name
-      - name: keycloak_url
-    outputs:
-      parameters:
-      - name: client_secret
-        valueFrom:
-          path: /mnt/out/client_secret.txt
-    volumes:
-    - name: out
-      emptyDir: {}
-    container:
-      name: create-group
-      image: 'portainer/kubectl-shell:latest-v1.21.1-amd64'
-      volumeMounts:
-      - name: out
-        mountPath: /mnt/out
-      command:
-        - /bin/bash
-        - '-c'
-        - |
-          function log() {
-            level=$1
-            msg=$2
-            date=$(date '+%F %H:%M:%S')
-            echo "[$date] $level     $msg"
-          }
-          REALMS={{inputs.parameters.realms}}
-          KEYCLOAK_NAMESPACE={{inputs.parameters.keycloak_namespace}}
-          KEYCLOAK_INSTANCE_NAME={{inputs.parameters.keycloak_instance_name}}
-          KEYCLOAK_URL={{inputs.parameters.keycloak_url}}
-          ADMIN_USERNAME=$(kubectl get secrets -n ${KEYCLOAK_NAMESPACE} credential-${KEYCLOAK_INSTANCE_NAME} -o jsonpath='{.data.ADMIN_USERNAME}' | base64 -d)
-          ADMIN_PASSWORD=$(kubectl get secrets -n ${KEYCLOAK_NAMESPACE} credential-${KEYCLOAK_INSTANCE_NAME} -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d)
-          TOKEN=""
-          function get_token() {
-            TOKEN=$(curl -s POST https://${KEYCLOAK_URL}/auth/realms/master/protocol/openid-connect/token \
-                      -d client_id=admin-cli -d grant_type=password \
-                      -d username=${ADMIN_USERNAME} -d password=${ADMIN_PASSWORD} \
-                      | jq -r '.access_token')
-          }
-          get_token
-          ID_OF_CLIENT=$(curl -s GET https://${KEYCLOAK_URL}/auth/admin/realms/${REALMS}/clients \
-              -H "Content-Type: application/json" -H "Authorization: Bearer ${TOKEN}" \
-              | jq '.[]' | jq -r 'select(.clientId == "portal" )'.id )
-
-          echo "ID_OF_CLIENT : $ID_OF_CLIENT"
-
-          get_token
-          SECRET=$(curl -s GET https://${KEYCLOAK_URL}/auth/admin/realms/${REALMS}/clients/$ID_OF_CLIENT/client-secret \
-              -H "Content-Type: application/json" -H "Authorization: Bearer ${TOKEN}" \
-              | jq -r .value )
-
-          echo $SECRET > /mnt/out/client_secret.txt
-
-          log "INFO" "get secrets. $SECRET"
-    activeDeadlineSeconds: 900
-    retryStrategy:
-      limit: 2
-
-  - name: update-site-values
+  - name: install-servicemesh-portal
     inputs:
       parameters:
       - name: realms
@@ -1022,60 +933,36 @@ spec:
       - name: service_domain
       - name: client_secret
     container:
-      name: 'updateSiteValues'
-      image: docker.io/sktcloud/ghcli-alpine:2.0.0
+      name: 'install-servicemesh-portal'
+      image: 'portainer/kubectl-shell:latest-v1.21.1-amd64'
       imagePullPolicy: IfNotPresent
       command:
         - /bin/bash
         - -ecx
         - |
-          function log() {
-            level=$1
-            msg=$2
-            date=$(date '+%F %H:%M:%S')
-            echo "[$date] $level     $msg"
-          }
+          mkdir ~/.kube
+          cp /kube/value ~/.kube/config
 
-          DASHBOARD_URL=dashboard-${REALMS}.${SERVICE_DOMAIN}
-          echo "DASHBOARD_URL : ${DASHBOARD_URL}"
-
-          echo $TOKEN | gh auth login --with-token
-          git clone https://$(echo -n $TOKEN)@github.com/${USERNAME}/${CLUSTER_ID}.git
-          cd $CLUSTER_ID
-
-          ## Replace site-values with fetched params ##
-          sed -i "s/username:\ CHANGEME/username: $KEYCLOAK_ID/g" $CLUSTER_ID/service-mesh/site-values.yaml
-          sed -i "s/password:\ CHANGEME/password: $KEYCLOAK_PASSWORD/g" $CLUSTER_ID/service-mesh/site-values.yaml
-          sed -i "s/auth-server-url:\ CHANGEME/auth-server-url: https:\/\/$KEYCLOAK_URL\/auth/g" $CLUSTER_ID/service-mesh/site-values.yaml
-          sed -i "s/url:\ CHANGEME/url: https:\/\/$DASHBOARD_URL/g" $CLUSTER_ID/service-mesh/site-values.yaml
-          sed -i "s/secret:\ CHANGEME/secret: $CLIENT_SECRET/g" $CLUSTER_ID/service-mesh/site-values.yaml
-          sed -i "s/realm:\ CHANGEME/realm: $REALMS/g" $CLUSTER_ID/service-mesh/site-values.yaml
-
-          git config --global user.email "[email protected]"
-          git config --global user.name "SKTelecom TACO"
-
-          if [ -n "$(git status --porcelain)" ]; then
-            echo "there are changes";
-            git add $CLUSTER_ID/service-mesh/site-values.yaml
-            git commit -m "update new ${CLUSTER_ID} site"
-            git branch -M main
-            git remote set-url origin https://$(echo -n $TOKEN)@github.com/${USERNAME}/${CLUSTER_ID}
-            git remote -v
-            git push -u origin main
-
-            # buffer for starting the github action
-            sleep 30
-            # waiting for complete of the github action
-            gh run list --workflow GenerateYaml --limit 1
-            gh run watch $(gh run list --workflow GenerateYaml --limit 1| grep $CLUSTER_ID | awk -F push '{print $2}' | awk '{print $1}')
-          else
-            echo "no changes";
-          fi
+          kubectl get secret -n ${CLUSTER_ID} ${CLUSTER_ID}-kubeconfig -o=jsonpath='{.data.value}' | base64 -d > ~/.kube/config
+
+          DASHBOARD_URL=https://dashboard-${REALMS}.${SERVICE_DOMAIN}
 
-          log "INFO" "update site-values."
-      envFrom:
-        - secretRef:
-            name: "github-tks-mgmt-token"
+          helm repo add openinfradev https://openinfradev.github.io/helm-repo
+          helm repo update
+
+          helm upgrade -i servicemesh-portal -n istio-system --wait \
+            --set application.tks.admin.username=${KEYCLOAK_ID} \
+            --set application.tks.admin.password=${KEYCLOAK_PASSWORD} \
+            --set application.tks.url=${DASHBOARD_URL} \
+            --set application.keycloak.realm=${REALMS} \
+            --set application.keycloak.credentials.secret=${CLIENT_SECRET} \
+            --set application.keycloak.auth-server-url=https://${KEYCLOAK_URL}/auth \
+            openinfradev/servicemesh-portal
+
+          kubectl rollout restart deployment servicemesh-portal -n istio-system
+      volumeMounts:
+      - name: kubeconfig-adm
+        mountPath: "/kube"
       env:
         - name: CLUSTER_ID
           value: "{{workflow.parameters.cluster_id}}"