feat: create Kubernetes secret with certificate

README.adoc

@@ -13,6 +13,10 @@ Connection is established by running an https://www.stunnel.org/[stunnel] pod in
 
 The app relies on local `gcloud` and `kubectl` commands which have to be configured and authenticated with the proper Google Cloud user and GKE Kubernetes cluster.
 
+The app also needs an existing Kubernetes Secret containing the Google Cloud Redis certificate to exist in the Kubernetes 
+cluster. You can download a Redis certificate file and create a Kubernetes secret manually, or you can use
+`google-cloud-redis secrets create` command to do so.
+
 image::screenshot.png[]
 
 ---
@@ -43,23 +47,24 @@ _Package_ sections.
 * Install https://kubernetes.io/docs/tasks/tools/#kubectl[`kubectl`] tool
 * Authenticate to Google Cloud: `gcloud auth login`
 * Get GKE cluster credentials: `gcloud container clusters get-credentials`
-* Download Google Cloud Redis certificate and store it in a Kubernetes secret: `kubectl create secret generic $SECRET --namespace $NAMESPACE --from-file=./server-ca.pem`
+* Download Google Cloud Redis certificate and store it in a Kubernetes secret (see `google-cloud-redis secrets create`).
 
 === Run
 [source,bash]
 ----
 # Help
 google-cloud-redis help
 
+# Create Kubernetes secret containing Gogle Cloud Redis certificate
+google-cloud-redis secrets create
+
 # Create (or override existing) configuration
 google-cloud-redis configurations create
 
 # Run configuration (interactive mode)
 google-cloud-redis configurations run
-
 # Run configuration (non-interactive mode)
 google-cloud-redis configurations run $NAME
-
 # HINT: Add alias
 alias myDbProd="google-cloud-redis configurations run $NAME"
 

package.json

@@ -39,6 +39,7 @@
     "fuse.js": "6.6.2",
     "inquirer": "8.2.5",
     "inquirer-autocomplete-prompt": "1.4.0",
+    "js-yaml": "4.1.0",
     "kubernetes-models": "4.3.1",
     "lodash": "4.17.21",
     "memoizee": "0.4.15",
@@ -52,6 +53,7 @@
     "@tsconfig/node14": "1.0.3",
     "@types/inquirer": "8.2.4",
     "@types/inquirer-autocomplete-prompt": "1.3.5",
+    "@types/js-yaml": "4.0.5",
     "@types/lodash": "4.14.187",
     "@types/memoizee": "0.4.8",
     "@types/node": "18.11.9",

src/commands/configurations/create.ts

@@ -3,15 +3,15 @@ import inquirer from 'inquirer'
 import autocomplete from 'inquirer-autocomplete-prompt'
 import { saveConfiguration } from '../../lib/configurations'
 import { ConfigurationCreateAnswers } from '../../lib/types'
-import { configurationNamePrompt } from './prompts/configuration-name'
-import { confirmationPrompt } from './prompts/confirmation'
-import { googleCloudProjectPrompt } from './prompts/google-cloud-project'
-import { googleCloudRedisInstancePrompt } from './prompts/google-cloud-redis-instance'
-import { kubernetesContextPrompt } from './prompts/kubernetes-context'
-import { kubernetesNamespacePrompt } from './prompts/kubernetes-namespace'
-import { kubernetesSecretPrompt } from './prompts/kubernetes-secret'
-import { kubernetesSecretKeyPrompt } from './prompts/kubernetes-secret-key'
-import { localPortPrompt } from './prompts/local-port'
+import { configurationNamePrompt } from '../../lib/prompts/configuration-name'
+import { confirmationPrompt } from '../../lib/prompts/confirmation'
+import { googleCloudProjectPrompt } from '../../lib/prompts/google-cloud-project'
+import { googleCloudRedisInstancePrompt } from '../../lib/prompts/google-cloud-redis-instance'
+import { kubernetesContextPrompt } from '../../lib/prompts/kubernetes-context'
+import { kubernetesNamespacePrompt } from '../../lib/prompts/kubernetes-namespace'
+import { kubernetesSecretPrompt } from '../../lib/prompts/kubernetes-secret'
+import { kubernetesSecretKeyPrompt } from '../../lib/prompts/kubernetes-secret-key'
+import { localPortPrompt } from '../../lib/prompts/local-port'
 
 export const createConfiguration = async () => {
   inquirer.registerPrompt('autocomplete', autocomplete)

src/commands/configurations/remove.ts

@@ -3,8 +3,8 @@ import inquirer from 'inquirer'
 import autocomplete from 'inquirer-autocomplete-prompt'
 import { deleteConfiguration } from '../../lib/configurations'
 import { ConfigurationChooseAnswers } from '../../lib/types'
-import { configurationPrompt } from './prompts/configuration'
-import { confirmationPrompt } from './prompts/confirmation'
+import { configurationPrompt } from '../../lib/prompts/configuration'
+import { confirmationPrompt } from '../../lib/prompts/confirmation'
 
 export const removeConfiguration = async () => {
   inquirer.registerPrompt('autocomplete', autocomplete)

src/commands/configurations/run.ts

@@ -3,8 +3,8 @@ import inquirer from 'inquirer'
 import autocomplete from 'inquirer-autocomplete-prompt'
 import { execConfiguration, getConfiguration } from '../../lib/configurations'
 import { ConfigurationChooseAnswers } from '../../lib/types'
-import { configurationPrompt } from './prompts/configuration'
-import { confirmationPrompt } from './prompts/confirmation'
+import { configurationPrompt } from '../../lib/prompts/configuration'
+import { confirmationPrompt } from '../../lib/prompts/confirmation'
 
 export const runConfiguration = async () => {
   inquirer.registerPrompt('autocomplete', autocomplete)

src/commands/configurations/show.ts

@@ -1,7 +1,7 @@
 import inquirer from 'inquirer'
 import autocomplete from 'inquirer-autocomplete-prompt'
 import { ConfigurationChooseAnswers } from '../../lib/types'
-import { configurationPrompt } from './prompts/configuration'
+import { configurationPrompt } from '../../lib/prompts/configuration'
 
 export const showConfiguration = async () => {
   inquirer.registerPrompt('autocomplete', autocomplete)

src/commands/secrets/create.ts

@@ -0,0 +1,32 @@
+import { bold, green, red } from 'chalk'
+import inquirer from 'inquirer'
+import autocomplete from 'inquirer-autocomplete-prompt'
+import { confirmationPrompt } from '../../lib/prompts/confirmation'
+import { googleCloudProjectPrompt } from '../../lib/prompts/google-cloud-project'
+import { googleCloudRedisInstancePrompt } from '../../lib/prompts/google-cloud-redis-instance'
+import { kubernetesContextPrompt } from '../../lib/prompts/kubernetes-context'
+import { kubernetesNamespacePrompt } from '../../lib/prompts/kubernetes-namespace'
+import { kubernetesSecretNamePrompt } from '../../lib/prompts/kubernetes-secret-name'
+import { saveSecret } from '../../lib/secrets'
+import { SecretCreateAnswers } from '../../lib/types'
+
+export const createSecret = async () => {
+  inquirer.registerPrompt('autocomplete', autocomplete)
+
+  const answers = await inquirer.prompt<SecretCreateAnswers>([
+    googleCloudProjectPrompt,
+    googleCloudRedisInstancePrompt,
+    kubernetesContextPrompt,
+    kubernetesNamespacePrompt,
+    kubernetesSecretNamePrompt,
+    confirmationPrompt,
+  ])
+
+  if (answers.confirmation) {
+    saveSecret(answers)
+
+    console.log(green(`Created secret '${bold(answers.kubernetesSecretName)}'.`))
+  } else {
+    console.log(red('You are excused.'))
+  }
+}

src/commands/secrets/index.ts

@@ -0,0 +1,21 @@
+import { Command } from 'commander'
+import { logError } from '../../lib/util/error'
+import { createSecret } from './create'
+
+export async function addSecretsCommands(program: Command) {
+  const secrets = new Command('secrets')
+  secrets.description('manage Kubernetes secrets for Redis certificates')
+
+  secrets
+    .command('create')
+    .description('create Kubernetes secret containing Google Cloud Redis certificate')
+    .action(async () => {
+      try {
+        await createSecret()
+      } catch (error) {
+        logError(error)
+      }
+    })
+
+  program.addCommand(secrets)
+}

src/index.ts

@@ -4,6 +4,7 @@ import { Command } from 'commander'
 import { addConfigurationsCommands } from './commands/configurations'
 import { notifyForUpdates } from './lib/updates'
 import { version } from './lib/version'
+import { addSecretsCommands } from './commands/secrets'
 
 async function main() {
   notifyForUpdates()
@@ -12,6 +13,7 @@ async function main() {
   program.name('google-cloud-redis').version(version)
 
   addConfigurationsCommands(program)
+  addSecretsCommands(program)
 
   program.parse(process.argv)
 }

src/lib/gcloud/redis-instances.ts → src/lib/gcloud/redis.ts

@@ -1,5 +1,9 @@
 import memoize from 'memoizee'
-import { execCommandMultilineWithHeaderAsync } from '../util/exec'
+import {
+  execCommand,
+  execCommandMultilineWithHeader,
+  execCommandMultilineWithHeaderAsync,
+} from '../util/exec'
 
 export type GoogleCloudRedisInstance = {
   name: string
@@ -15,6 +19,14 @@ const parseInstance = (instance: string): GoogleCloudRedisInstance => {
   return { name, region, host, port }
 }
 
+export const fetchGoogleCloudRedisRegions = memoize((project: string): string[] => {
+  return execCommandMultilineWithHeader(`
+      gcloud redis regions list \
+        --project=${project} \
+        --quiet
+    `)
+})
+
 const fetchGoogleCloudRedisInstancesForRegion = memoize(
   async (project: string, region: string): Promise<GoogleCloudRedisInstance[]> => {
     const instances = await execCommandMultilineWithHeaderAsync(`
@@ -38,3 +50,17 @@ export const fetchGoogleCloudRedisInstances = memoize(
     return instances.flat()
   }
 )
+
+export const fetchGoogleCloudRedisCertificate = (
+  project: string,
+  region: string,
+  instanceName: string
+): string => {
+  return execCommand(`
+    gcloud redis instances describe ${instanceName} \
+      --project=${project} \
+      --region=${region} \
+      --format='value(serverCaCerts[0].cert)' \
+      --quiet
+  `)
+}

src/lib/kubectl/pods.ts

@@ -1,3 +1,4 @@
+import yaml from 'js-yaml'
 import { bold, cyan } from 'chalk'
 import { Pod } from 'kubernetes-models/v1'
 import { execCommand, execCommandAttached } from '../util/exec'
@@ -59,10 +60,10 @@ export const runCloudRedisProxyPod = (pod: CloudRedisProxyPod): string => {
       ],
     },
   })
-  const podJson = JSON.stringify(podModel.toJSON())
+  const podYaml = yaml.dump(podModel.toJSON())
 
   return execCommand(`
-    echo '${podJson}' | kubectl create --context=${pod.context} -f -
+    echo "${podYaml}" | kubectl create --context=${pod.context} -f -
   `)
 }