ASTRACTL-33839 #358

Merged
merged 18 commits into from
Jun 6, 2024
Changes from 5 commits
130 changes: 94 additions & 36 deletions unified-installer/astra-unified-installer.sh
Expand Up @@ -90,6 +90,7 @@ readonly __GENERATED_OPERATORS_DIR="$__GENERATED_CRS_DIR/operators"
readonly __GENERATED_KUSTOMIZATION_FILE="$__GENERATED_OPERATORS_DIR/kustomization.yaml"
readonly __GENERATED_PATCHES_TORC_FILE="$__GENERATED_CRS_DIR/post-deploy-patches_torc"
readonly __GENERATED_PATCHES_TRIDENT_OPERATOR_FILE="$__GENERATED_OPERATORS_DIR/post-deploy-patches_trident-operator"
readonly __GENERATED_TRIDENT_ACP_SECRET_FILE="$__GENERATED_OPERATORS_DIR/trident-acp-secret.yaml"

readonly __DEBUG=10
readonly __INFO=20
Expand Down Expand Up @@ -2107,6 +2108,85 @@ EOF
fi
}

step_kustomize_global_pull_secret_if_needed() {
local -r global_pull_secret="${1:-""}"
local -r kustomization_file="${2}"
local -r kustomization_dir="$(dirname "$kustomization_file")"
local -r connector_namespace="$(get_connector_namespace)"
local -r trident_namespace="$(get_trident_namespace)"
local -r connector_registry="$(join_rpath "$CONNECTOR_IMAGE_REGISTRY" "$(get_base_repo "$CONNECTOR_IMAGE_REPO")")"
local -r trident_acp_registry="$(join_rpath "$TRIDENT_ACP_IMAGE_REGISTRY" "$(get_base_repo "$TRIDENT_ACP_IMAGE_REPO")")"
local -r encoded_creds=$(echo -n "$ASTRA_ACCOUNT_ID:$ASTRA_API_TOKEN" | base64)

[ -z "$kustomization_file" ] && fatal "no kustomization file given"
[ ! -f "$kustomization_file" ] && fatal "kustomization file '$kustomization_file' does not exist"

# SECRET GENERATOR
cat <<EOF >> "$kustomization_file"
generatorOptions:
disableNameSuffixHash: true
secretGenerator:
- name: astra-api-token
namespace: "${connector_namespace}"
literals:
- apiToken="${ASTRA_API_TOKEN}"
EOF
if [ -z "$global_pull_secret" ]; then
# if image pull secret is empty, set same name for connector and trident secret so torc patch works as expected
IMAGE_PULL_SECRET="astra-regcred"
if components_include_connector; then
cat <<EOF >> "$kustomization_file"
- name: "${IMAGE_PULL_SECRET}"
namespace: "${connector_namespace}"
type: kubernetes.io/dockerconfigjson
literals:
- |
.dockerconfigjson={
"auths": {
"${connector_registry}": {
"username": "$ASTRA_ACCOUNT_ID",
"password": "$ASTRA_API_TOKEN",
"auth": "${encoded_creds}"
}
}
}
EOF
logdebug "$kustomization_file: added connector secret to namespace $connector_namespace"
fi

if components_include_trident && [ "$trident_namespace" != "$connector_namespace" ]; then
cat <<EOF >> "$kustomization_file"
- name: "${IMAGE_PULL_SECRET}"
namespace: "${trident_namespace}"
type: kubernetes.io/dockerconfigjson
literals:
- |
.dockerconfigjson={
"auths": {
"${trident_acp_registry}": {
"username": "$ASTRA_ACCOUNT_ID",
"password": "$ASTRA_API_TOKEN",
"auth": "${encoded_creds}"
}
}
}
EOF
logdebug "$kustomization_file: added trident acp secret to namespace $trident_namespace"
fi
fi

insert_into_file_after_pattern "$kustomization_file" "patches:" '
- target:
kind: Deployment
patch: |-
- op: replace
path: /spec/template/spec/imagePullSecrets
value:
- name: "'"${global_pull_secret}"'"
'
logdebug "$kustomization_file: added pull secret patch ($global_pull_secret)"
}

step_kustomize_global_namespace_if_needed() {
local -r global_namespace="${1:-""}"
local -r kustomization_file="${2}"
Expand Down Expand Up @@ -2211,36 +2291,6 @@ step_generate_astra_connector_yaml() {
fi
loginfo "Memory limit set to: $memory_limit GB"

# SECRET GENERATOR
cat <<EOF >> "$kustomization_file"
generatorOptions:
disableNameSuffixHash: true
secretGenerator:
- name: astra-api-token
namespace: "${connector_namespace}"
literals:
- apiToken="${api_token}"
EOF
if [ -z "$IMAGE_PULL_SECRET" ]; then
cat <<EOF >> "$kustomization_file"
- name: "${connector_regcred_name}"
namespace: "${connector_namespace}"
type: kubernetes.io/dockerconfigjson
literals:
- |
.dockerconfigjson={
"auths": {
"${connector_registry}": {
"username": "${username}",
"password": "${password}",
"auth": "${encoded_creds}"
}
}
}
EOF
fi
logdebug "$kustomization_file: added secrets"

# ASTRA CONNECTOR CR
local labels_field_and_content_with_default=""
if [ -n "$_PROCESSED_LABELS_WITH_DEFAULT" ]; then
Expand Down Expand Up @@ -2478,11 +2528,10 @@ step_generate_trident_operator_patch() {
if echo "$_EXISTING_TRIDENT_OPERATOR_PULL_SECRETS" | grep -q "^${IMAGE_PULL_SECRET}$" &> /dev/null; then
logdebug "image pull secret '$IMAGE_PULL_SECRET' already present in trident-operator"
else
local -r secret_obj='{"name": "'"$IMAGE_PULL_SECRET"'"}'
if [ -z "$_EXISTING_TRIDENT_OPERATOR_PULL_SECRETS" ]; then
patch_list+=',{"op":"replace","path":"/spec/template/spec/imagePullSecrets","value":['"$secret_obj"']}'

This is just for consistency. We don't have this $secret_obj variable in step_generate_torc_patch(), so I'd rather we do the same thing in both places. This came up when I was solving a merge conflict; otherwise I would not have even thought to touch this.

patch_list+=',{"op":"replace","path":"/spec/template/spec/imagePullSecrets","value":[{"name":'"$IMAGE_PULL_SECRET"'}]}'
else
patch_list+=',{"op":"add","path":"/spec/template/spec/imagePullSecrets/-","value":'"$secret_obj"'}'
patch_list+=',{"op":"add","path":"/spec/template/spec/imagePullSecrets/-","value":{"name":'"$IMAGE_PULL_SECRET"'}}'
fi
fi
fi
Expand Down Expand Up @@ -2531,7 +2580,7 @@ step_generate_torc_patch() {
if [ -z "$_EXISTING_TRIDENT_OPERATOR_PULL_SECRETS" ]; then
torc_patch_list+='{"op":"replace","path":"/spec/imagePullSecrets","value":['"$IMAGE_PULL_SECRET"']},'
else
torc_patch_list+='{"op":"add","path":"/spec/imagePullSecrets/-","value":"'"$IMAGE_PULL_SECRET"'"},'
palicena marked this conversation as resolved.
torc_patch_list+='{"op":"add","path":"/spec/imagePullSecrets/-","value":'"$IMAGE_PULL_SECRET"'},'
fi
fi
fi
Expand Down Expand Up @@ -2594,6 +2643,11 @@ step_apply_resources() {
local output=""
local captured_err=""
if ! is_dry_run; then
# apply trident-acp secret if it exists
if [ -e "$__GENERATED_TRIDENT_ACP_SECRET_FILE" ]; then
kubectl apply -f "${__GENERATED_TRIDENT_ACP_SECRET_FILE}" -n "${trident_namespace}"
fi

output="$(kubectl apply -k "$operators_dir" 2> "$__ERR_FILE")"
captured_err="$(get_captured_err)"
if echo "$captured_err" | grep -q "Warning:"; then
Expand Down Expand Up @@ -2841,14 +2895,18 @@ if trident_will_be_installed_or_modified; then
if components_include_acp; then
# Enable ACP if needed (includes ACP upgrade)
if ! acp_is_enabled; then
if config_acp_image_is_custom || prompt_user_yes_no "Would you like to enable Astra Control Provisioner?"; then
if config_acp_image_is_custom || prompt_user_yes_no "Would you like to enable ACP?"; then
zachatnetapp marked this conversation as resolved.
# create trident-acp secret
kubectl create secret docker-registry "$IMAGE_PULL_SECRET" --docker-username="$ASTRA_ACCOUNT_ID" --docker-password="$ASTRA_API_TOKEN" -n trident --docker-server="$TRIDENT_ACP_IMAGE_REGISTRY" --dry-run=client -o yaml > "$__GENERATED_TRIDENT_ACP_SECRET_FILE"
zachatnetapp marked this conversation as resolved.
step_generate_torc_patch "$_EXISTING_TORC_NAME" "" "$(get_config_acp_image)" "true"
else
loginfo "Astra Control Provisioner will not be enabled."
fi
# ACP upgrade (ACP already enabled)
elif acp_image_needs_upgraded; then
if config_acp_image_is_custom || prompt_user_yes_no "Would you like to upgrade Astra Control Provisioner?"; then
if config_acp_image_is_custom || prompt_user_yes_no "Would you like to upgrade ACP?"; then
zachatnetapp marked this conversation as resolved.
# create trident-acp secret
kubectl create secret docker-registry "$IMAGE_PULL_SECRET" --docker-username="$ASTRA_ACCOUNT_ID" --docker-password="$ASTRA_API_TOKEN" -n trident --docker-server="$TRIDENT_ACP_IMAGE_REGISTRY" --dry-run=client -o yaml > "$__GENERATED_TRIDENT_ACP_SECRET_FILE"
step_generate_torc_patch "$_EXISTING_TORC_NAME" "" "$(get_config_acp_image)" "true"
else
loginfo "Astra Control Provisioner will not be upgraded."
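Review bot: The two new `kubectl create secret docker-registry` lines (ACP enable and ACP upgrade branches) put `$ASTRA_API_TOKEN` on the kubectl command line via `--docker-password` and redirect a manifest containing it to `$__GENERATED_TRIDENT_ACP_SECRET_FILE` under whatever umask the caller has, so the credential is visible in the process list while kubectl runs and possibly readable by other local users afterwards. They also hard-code `-n trident`, while `step_apply_resources` applies the file with `-n "${trident_namespace}"`; if that namespace is not `trident`, kubectl refuses the apply because the manifest and the flag disagree. I would create the file with restrictive permissions and the same namespace source the kustomize step uses, e.g. `(umask 077; kubectl create secret docker-registry "$IMAGE_PULL_SECRET" ... -n "$(get_trident_namespace)" ... > "$__GENERATED_TRIDENT_ACP_SECRET_FILE")`, moved into one helper called from both branches, and delete the file once it has been applied. The enclosing `if` blocks continue beyond the visible hunk, so some cleanup may already exist outside it.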