secrets.go
/*
Copyright (C) 2021-2023, Kubefirst
This program is licensed under MIT.
See the LICENSE file for more details.
*/
package akamai
import (
	"context"
	"fmt"
	"strings"

	providerConfig "github.com/kubefirst/kubefirst-api/pkg/providerConfigs"
	pkgtypes "github.com/kubefirst/kubefirst-api/pkg/types"
	"github.com/rs/zerolog/log"
	v1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/kubernetes"
)
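// BootstrapAkamaiMgmtCluster seeds the management cluster with the Kubernetes
// Secrets the Akamai install needs. It first hands the provider-independent
// secrets to providerConfig.BootstrapMgmtCluster and then creates the
// Akamai-specific ones: the Cloudflare origin-CA key in every namespace that
// requests certificates, the external-dns provider token, and the
// kubefirst-state marker secret.
//
// Secrets that already exist are left untouched, so a changed credential is not
// reconciled into an existing secret. Only secret names and namespaces are ever
// logged, never their values. Failures are returned to the caller; this
// function does not terminate the process (the old log.Fatal calls made the
// trailing `return err` unreachable and let a lookup error silently skip a
// secret).
//
// Parameters:
//   - clientset: client for the management cluster the secrets are written to.
//   - cl: cluster record whose provider credentials are copied into secrets.
//   - destinationGitopsRepoURL: gitops repository URL passed to the shared bootstrap.
//
// Returns a wrapped error if the shared bootstrap fails, if a secret lookup
// fails for any reason other than the secret being absent, or if a create fails.
func BootstrapAkamaiMgmtCluster(clientset *kubernetes.Clientset, cl *pkgtypes.Cluster, destinationGitopsRepoURL string) error {
	if err := providerConfig.BootstrapMgmtCluster(
		clientset,
		cl.GitProvider,
		cl.GitAuth.User,
		destinationGitopsRepoURL,
		cl.GitProtocol,
		cl.CloudflareAuth.APIToken,
		cl.AkamaiAuth.Token,
		cl.DnsProvider,
		cl.CloudProvider,
		cl.GitAuth.Token,
		cl.GitAuth.PrivateKey,
	); err != nil {
		log.Error().Msgf("error in central function to create secrets: %s", err)
		return fmt.Errorf("bootstrapping shared management cluster secrets: %w", err)
	}

	originKey := cl.CloudflareAuth.OriginCaIssuerKey

	// Order is kept as before so a failure part-way through leaves the same
	// prefix of secrets created as the previous implementation did.
	secrets := []*v1.Secret{
		cloudflareCredsSecret("argo", originKey),
		cloudflareCredsSecret("atlantis", originKey),
		cloudflareCredsSecret("chartmuseum", originKey),
		{
			ObjectMeta: metav1.ObjectMeta{Name: "external-dns-secrets", Namespace: "external-dns"},
			Data: map[string][]byte{
				"token": []byte(externalDNSTokenFor(cl)),
			},
		},
		cloudflareCredsSecret("kubefirst", originKey),
		cloudflareCredsSecret("vault", originKey),
		{
			ObjectMeta: metav1.ObjectMeta{Name: "kubefirst-state", Namespace: "kubefirst"},
			Data: map[string][]byte{
				"console-tour": []byte("false"),
			},
		},
	}

	ctx := context.TODO()
	for _, secret := range secrets {
		if err := ensureSecret(ctx, clientset, secret); err != nil {
			return err
		}
	}
	return nil
}

// cloudflareCredsSecret builds the cloudflare-creds Secret for one namespace,
// carrying the Cloudflare origin-CA issuer key under "origin-ca-api-key".
func cloudflareCredsSecret(namespace, originCAIssuerKey string) *v1.Secret {
	return &v1.Secret{
		ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: namespace},
		Data: map[string][]byte{
			"origin-ca-api-key": []byte(originCAIssuerKey),
		},
	}
}

// externalDNSTokenFor selects the credential external-dns uses for the
// configured DNS provider. aws and google still receive the placeholder string
// the original code wrote (the real wiring is deferred to cluster management).
// An unrecognised provider yields an empty token with a warning, matching the
// previous fall-through behaviour but making it visible in the log.
func externalDNSTokenFor(cl *pkgtypes.Cluster) string {
	switch cl.DnsProvider {
	case "akamai":
		return cl.AkamaiAuth.Token
	case "civo":
		return cl.CivoAuth.Token
	case "vultr":
		return cl.VultrAuth.Token
	case "digitalocean":
		return cl.DigitaloceanAuth.Token
	case "aws", "google":
		return "implement with cluster management"
	case "cloudflare":
		return cl.CloudflareAuth.APIToken
	default:
		log.Warn().Msgf("no external-dns token mapping for dns provider %q; writing an empty token", cl.DnsProvider)
		return ""
	}
}

// ensureSecret creates secret unless one with the same name already exists in
// its namespace. Only a "not found" answer from the lookup leads to a create;
// any other lookup failure (RBAC denial, unreachable API server, ...) is
// returned so a secret is never silently skipped.
func ensureSecret(ctx context.Context, clientset *kubernetes.Clientset, secret *v1.Secret) error {
	client := clientset.CoreV1().Secrets(secret.Namespace)

	_, err := client.Get(ctx, secret.Name, metav1.GetOptions{})
	switch {
	case err == nil:
		log.Info().Msgf("kubernetes secret %s/%s already created - skipping", secret.Namespace, secret.Name)
		return nil
	case !strings.Contains(err.Error(), "not found"):
		// Matching on the error text is brittle; apierrors.IsNotFound from
		// k8s.io/apimachinery/pkg/api/errors is the typed check to move to.
		// Until then, anything that is not a "not found" is a real failure.
		return fmt.Errorf("checking kubernetes secret %s/%s: %w", secret.Namespace, secret.Name, err)
	}

	if _, err := client.Create(ctx, secret, metav1.CreateOptions{}); err != nil {
		log.Error().Msgf("error creating kubernetes secret %s/%s: %s", secret.Namespace, secret.Name, err)
		return fmt.Errorf("creating kubernetes secret %s/%s: %w", secret.Namespace, secret.Name, err)
	}
	log.Info().Msgf("created kubernetes secret: %s/%s", secret.Namespace, secret.Name)
	return nil
}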