Merge pull request #156 from SUSE/merge-upstream
Merge upstream
nwmac authored Apr 26, 2019
2 parents 519f643 + 68b5124 commit 0714e93
Showing 96 changed files with 1,388 additions and 252 deletions.
2 changes: 1 addition & 1 deletion build/bk-build.sh
Expand Up @@ -27,7 +27,7 @@ if [ "${VERSION}" == "dev" ]; then
fi

# Build backend or run tests
pushd ${STRATOS}/src/jetstream > /dev/null
pushd "${STRATOS}/src/jetstream" > /dev/null

if [ "${ACTION}" == "build" ]; then
echo "Building backend ..."
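Review bot: The quoted `pushd "${STRATOS}/src/jetstream" > /dev/null` still ignores a failed directory change, so if `STRATOS` is unset or points somewhere wrong the build or test commands that follow run in the caller's current directory instead of failing; `pushd "${STRATOS}/src/jetstream" > /dev/null || exit 1` stops the script at the right place. The `if [ "${ACTION}" == "build" ]` block that starts on the last line of the hunk continues outside it.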
Expand Up @@ -15,7 +15,6 @@ import {
} from '../../../shared/components/create-application/create-application-step1/create-application-step1.component';
import { FocusDirective } from '../../../shared/components/focus.directive';
import { PageHeaderModule } from '../../../shared/components/page-header/page-header.module';
import { StatefulIconComponent } from '../../../shared/components/stateful-icon/stateful-icon.component';
import { SteppersModule } from '../../../shared/components/stepper/steppers.module';
import { CloudFoundryService } from '../../../shared/data-services/cloud-foundry.service';
import { EntityMonitorFactory } from '../../../shared/monitors/entity-monitor.factory.service';
Expand All @@ -32,7 +31,6 @@ describe('CreateReleaseComponent', () => {
declarations: [
CreateReleaseComponent,
CreateApplicationStep1Component,
StatefulIconComponent,
FocusDirective
],
imports: [
1 change: 0 additions & 1 deletion deploy/Dockerfile.all-in-one
Expand Up @@ -3,7 +3,6 @@ FROM splatform/stratos-aio-base:opensuse as builder

COPY --chown=stratos:users *.json ./
COPY --chown=stratos:users gulpfile.js ./
COPY --chown=stratos:users Gopkg.* ./
COPY --chown=stratos:users src ./src
COPY --chown=stratos:users build ./build/
COPY --chown=stratos:users deploy/tools/generate_cert.sh generate_cert.sh
4 changes: 3 additions & 1 deletion deploy/Dockerfile.bk
Expand Up @@ -3,8 +3,8 @@ ARG stratos_version
RUN mkdir -p /home/stratos
WORKDIR /home/stratos
COPY --chown=stratos:users . /home/stratos
RUN npm install
RUN go version
RUN npm install
RUN npm run build-backend

FROM splatform/stratos-bk-base:opensuse as common-build
Expand Down Expand Up @@ -32,8 +32,10 @@ CMD ["/run-postflight-job.sh"]

# use --target=prod-build to build a backend image for Kubernetes
FROM splatform/stratos-bk-base:opensuse as prod-build
RUN zypper in -y curl
COPY deploy/containers/proxy/entrypoint.sh /entrypoint.sh
COPY /deploy/db/scripts/run-preflight-job.sh /run-preflight-job.sh
COPY /deploy/db/scripts/migrate-volumes.sh /migrate-volumes.sh
COPY /deploy/tools/generate_cert.sh /generate_cert.sh
COPY --from=common-build /srv /srv
RUN mkdir /srv/templates
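Review bot: The `RUN zypper in -y curl` line added to the prod-build stage leaves the zypper package cache and repository metadata in the production image layer and installs recommended packages alongside curl; `RUN zypper --non-interactive in --no-recommends curl && zypper clean -a` keeps that layer to what the image needs. curl is only required by the migrate-volumes.sh script copied on the following `COPY /deploy/db/scripts/migrate-volumes.sh` line, so a comment stating that dependency next to the `RUN` would tell the next maintainer when it can be dropped again.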
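--- a/deploy/db/scripts/migrate-volumes.sh
+++ b/deploy/db/scripts/migrate-volumes.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+
+echo "============================================"
+echo "Stratos Volume Migration"
+echo "============================================"
+echo ""
+echo "Migrating volume secrets to Kubernetes secrets"
+echo ""
+
+function waitForFile() {
+FILE=$1
+local TIMEOUT=0
+
+while [ ! -f "${FILE}" ]
+do
+sleep 5
+TIMEOUT=$((TIMEOUT+1))
+if [ ${TIMEOUT} -eq 60 ]; then
+echo "Timed out waiting for file ${FILE}"
+exit 1
+fi
+echo "Waiting for file: ${FILE}"
+done
+}
+
+CERT_FILE=console.crt
+CERT_KEY=console.key
+#ENCRYPTION_KEY_FILENAME - Supplied by Helm Chart
+
+# Kubernetes token
+KUBE_TOKEN=$(</var/run/secrets/kubernetes.io/serviceaccount/token)
+KUBE_API_SERVER=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT
+
+# ==============================================================================================================================
+# Encryption Key
+# ==============================================================================================================================
+
+# Check whether the secret already exists
+curl -k \
+--fail \
+-H "Authorization: Bearer $KUBE_TOKEN" \
+-H 'Content-Type: application/json' \
+${KUBE_API_SERVER}/api/v1/namespaces/${NAMESPACE}/secrets/${RELEASE_NAME}-key-secret > /dev/null
+
+EXISTS=$?
+if [ $EXISTS -ne 0 ]; then
+echo "Encryption Key secret does not exist - this should have been created by the Helm Chart"
+exit $EXISTS
+fi
+
+# Update the secret with the existing Encryption Key value from the Volume
+
+# Wait for the Encryption Key to appear
+echo "Waiting for Encryption Key to be created"
+waitForFile "${ENCRYPTION_KEY_VOLUME}/${ENCRYPTION_KEY_FILENAME}"
+
+echo "Encryption key is now available"
+KEY=$(cat "${ENCRYPTION_KEY_VOLUME}/${ENCRYPTION_KEY_FILENAME}" | base64 | sed -e 's/[\/&]/\\&/g')
+
+cat << EOF > patch-secret.yaml
+{
+"data": {
+EOF
+
+echo "\"key\": \"${KEY}\"" >> patch-secret.yaml
+echo "} }" >> patch-secret.yaml
+
+echo "Patching secret for the Encryption Key"
+
+# Patch secret for the Encryption Key
+curl -k \
+--fail \
+-X PATCH \
+-d @patch-secret.yaml \
+-H "Authorization: Bearer $KUBE_TOKEN" \
+-H 'Accept: application/json' \
+-H 'Content-Type: application/merge-patch+json' \
+${KUBE_API_SERVER}/api/v1/namespaces/${NAMESPACE}/secrets/${RELEASE_NAME}-key-secret > /dev/null
+
+RET_PATCH=$?
+echo "Patch Encryption Key secret exit code: $RET_PATCH"
+rm -rf patch-secret.yaml
+if [ $RET_PATCH -ne 0 ]; then
+echo "Error patching Encryption Key secret"
+exit $RET_PATCH
+fi
+
+# ==============================================================================================================================
+# Certificate
+# ==============================================================================================================================
+
+# Check whether the secret already exists
+curl -k \
+--fail \
+-H "Authorization: Bearer $KUBE_TOKEN" \
+-H 'Content-Type: application/json' \
+${KUBE_API_SERVER}/api/v1/namespaces/${NAMESPACE}/secrets/${RELEASE_NAME}-cert-secret > /dev/null
+
+EXISTS=$?
+if [ $EXISTS -ne 0 ]; then
+echo "Certificate secret does not exist - this should have been created by the Helm Chart"
+exit $EXISTS
+fi
+
+# Wait for the Certificate to appear
+echo "Waiting for Certificate to be created"
+waitForFile "${ENCRYPTION_KEY_VOLUME}/${CERT_FILE}"
+waitForFile "${ENCRYPTION_KEY_VOLUME}/${CERT_KEY}"
+echo "Certificate is now available"
+CERT=$(cat "${ENCRYPTION_KEY_VOLUME}/${CERT_FILE}" | base64 | sed -e 's/[\/&]/\\&/g')
+KEY=$(cat "${ENCRYPTION_KEY_VOLUME}/${CERT_KEY}" | base64 | sed -e 's/[\/&]/\\&/g')
+
+cat << EOF > patch-secret.yaml
+{
+"data": {
+EOF
+
+echo "\"tls.crt\": \"${CERT}\"," >> patch-secret.yaml
+echo "\"tls.key\": \"${KEY}\"" >> patch-secret.yaml
+echo "} }" >> patch-secret.yaml
+
+# Create a secret for the Certificate
+curl -k \
+--fail \
+-X PATCH \
+-d @patch-secret.yaml \
+-H "Authorization: Bearer $KUBE_TOKEN" \
+-H 'Accept: application/json' \
+-H 'Content-Type: application/merge-patch+json' \
+${KUBE_API_SERVER}/api/v1/namespaces/${NAMESPACE}/secrets/${RELEASE_NAME}-cert-secret > /dev/null
+
+RET_CREATED=$?
+echo "Patch Certificate secret exit code: $?"
+rm -rf patch-secret.yaml
+if [ $RET_CREATED -ne 0 ]; then
+echo "Error patching Certificate secret $RET_CREATED"
+exit $RET_CREATED
+fi
+
+echo ""
+echo "Volume Migration completed"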
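Review bot: All four calls to the Kubernetes API in this script use `curl -k`, which turns off verification of the API server certificate even though the pod mounts the cluster CA beside the token read on the `KUBE_TOKEN=` line; replace `-k` with `--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt` on each of them. The `KEY=` and `CERT=` lines pipe through `base64` without `-w 0`, so with GNU coreutils any value longer than 76 bytes comes back wrapped onto several lines and the `echo ... >> patch-secret.yaml` lines then place raw newlines inside a JSON string, which the API server is likely to reject; `base64 -w 0` fixes that, and the trailing `sed` escape is a sed-replacement escape that does nothing useful for JSON. The line after `RET_CREATED=$?` reports `$?` of the assignment rather than the curl status, unlike the key block above it, and should read `echo "Patch Certificate secret exit code: $RET_CREATED"`. The patch body containing the encryption key and the TLS private key is also written to `patch-secret.yaml` in the working directory under the default umask; feeding it to curl through `-d @-` on stdin, or writing it under `mktemp` after `umask 077`, keeps that material out of a readable file.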
2 changes: 1 addition & 1 deletion deploy/db/scripts/run-postflight-job.k8s.sh
@@ -1,5 +1,5 @@
#!/bin/bash
echo "=== Stratos Postlight Job ==="
echo "=== Stratos Postflight Job ==="
echo "Running postflight job"

# mysql commands will timeout after 5 seconds
20 changes: 20 additions & 0 deletions deploy/kubernetes/console/templates/__helpers.tpl
Expand Up @@ -84,3 +84,23 @@ Service port:
{{- end -}}
{{- end -}}
{{- end -}}


{{/*
Expand the name of the chart.
*/}}
{{- define "console.certName" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}


{{/*
Generate self-signed certificate
*/}}
{{- define "console.generateCertificate" -}}
{{- $altNames := list ( printf "%s.%s" (include "console.certName" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "console.certName" .) .Release.Namespace ) -}}
{{- $ca := genCA "stratos-ca" 365 -}}
{{- $cert := genSignedCert ( include "console.certName" . ) nil $altNames 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end -}}
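Review bot: The comment above `console.certName` reads `Expand the name of the chart.`, which was carried over from the usual `name` helper and does not say what this value is for; it should say something like `Name used as the subject CN and as the base of the SANs for the generated self-signed certificate.` `console.generateCertificate` calls `genCA` and `genSignedCert` on every render, so unless the caller guards it each `helm upgrade` issues a fresh CA and leaf certificate and anything that pinned the previous one stops trusting the console; that behaviour belongs in the helper's comment as well. The `$altNames` list covers `name.namespace` and `name.namespace.svc` but not the bare service name or the `name.namespace.svc.cluster.local` form that in-cluster clients commonly use, so consider adding those two entries.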
2 changes: 2 additions & 0 deletions deploy/kubernetes/console/templates/deployment.yaml
Expand Up @@ -188,8 +188,10 @@ spec:
value: cf
- name: CONSOLE_CLIENT_SECRET
value:
{{- if .Values.env.DOMAIN }}
- name: AUTO_REG_CF_URL
value: https://api.{{.Values.env.DOMAIN}}
{{- end }}
- name: CONSOLE_ADMIN_SCOPE
value: cloud_controller.admin
- name: SKIP_SSL_VALIDATION
30 changes: 30 additions & 0 deletions deploy/kubernetes/console/templates/secrets.yaml
Expand Up @@ -54,3 +54,33 @@ metadata:
data:
.dockercfg: {{ template "imagePullSecret" . }}
{{- end}}
{{- if .Values.console.migrateVolumes }}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: "{{ .Release.Name }}-key-secret"
labels:
app.kubernetes.io/name: "stratos"
app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
app.kubernetes.io/component: "console-key-secret"
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
data:
key: {{ randAlphaNum 64 | b64enc }}
---
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: "{{ .Release.Name }}-cert-secret"
labels:
app.kubernetes.io/name: "stratos"
app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
app.kubernetes.io/component: "console-cert-secret"
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
data:
{{ ( include "console.generateCertificate" . ) | indent 2 }}
{{- end -}}
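Review bot: `key: {{ randAlphaNum 64 | b64enc }}` is evaluated on every template render, so each `helm upgrade` overwrites the encryption key Secret with a new random value, and the certificate produced on the `include "console.generateCertificate"` line is replaced the same way; data encrypted under the previous key becomes unreadable unless something re-patches the Secret afterwards. If the migrate-volumes job is meant to be that something, the dependency should be stated in a comment next to `{{- if .Values.console.migrateVolumes }}`; otherwise a `helm.sh/resource-policy: keep` annotation or a `helm.sh/hook: pre-install` on these two Secrets would generate them once. Both Secrets also sit inside the `migrateVolumes` conditional, so switching the flag off once migration is done would, as far as I can tell, make Helm delete them on the next upgrade.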
2 changes: 1 addition & 1 deletion deploy/kubernetes/console/templates/service.yaml
Expand Up @@ -35,7 +35,7 @@ spec:
{{- range $cidr := .Values.console.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
{{ end }}
{{- end }}
{{- if .Values.console.service -}}
{{- if .Values.console.service.externalName }}
