feat: deploy-cli for scaffolding

go/deploy-cli/.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 2
+end_of_line = lf
+#insert_final_newline = true
+trim_trailing_whitespace = true

go/deploy-cli/.gitignore

@@ -0,0 +1,34 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go hugo -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+vendor/
+
+# VsCode
+
+.vsscode/*
+.vscode/
+
+# goreleaser dist folder
+dist/
+
+# IntelliJ
+.idea
+*.iml
+.idea/workspace.xml
+.idea/tasks.xml
+.idea/gradle.xml
+.idea/assetWizardSettings.xml
+.idea/dictionaries
+.idea/libraries
+.idea/caches

go/deploy-cli/.goreleaser.yaml

@@ -0,0 +1,48 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+
+# The lines below are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/need to use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+version: 2
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos: ["linux", "darwin", "windows"]
+    goarch: ["386", "amd64", "arm64"]
+    binary: deploy-cli
+    ldflags:
+      - -s -w -X "main.version={{.Version}}"
+
+universal_binaries:
+  - replace: true
+
+archives:
+  - formats: [tar.gz]
+    # this name template makes the OS and Arch compatible with the results of `uname`.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+      - goos: windows
+        formats: [zip]
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"

go/deploy-cli/README.md

@@ -0,0 +1,34 @@
+# undercloud-deploy-cli
+
+Undercloud Deploy cli helps quickly generate undercloud-deploy config files.
+
+
+## How to use.
+
+> Please make sure that you have kubeseal binary installed your system https://github.com/bitnami-labs/sealed-secrets
+
+* Export all these env
+
+```sh
+export UC_DEPLOY="<full_local_path_to_undercloud_deploy_repo>"
+export DEPLOY_NAME="<cluster_name>"
+export UC_DEPLOY_GIT_URL=git@github.com:RSS-Engineering/undercloud-deploy.git
+export UC_DEPLOY_SSH_FILE=<path_to_ssh_private_key_file>
+export DNS_ZONE=<cluster_name>.dev.undercloud.rackspace.net
+export UC_DEPLOY_EMAIL="<your_email>"
+export UC_AIO=yes
+```
+
+* Run
+
+```
+go run *.go init
+go run *.go help
+```
+
+* Commit all changes to the undercloud-deploy repo in your branch
+
+
+## Contributing
+
+If you find any issues or have suggestions for improvements, please open an issue on the [GitHub repository](https://github.com/rackerlabs/understack).

go/deploy-cli/cmd/argocd/secrets.go

@@ -0,0 +1,110 @@
+package argocd
+
+import (
+	_ "embed"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/rackerlabs/understack/go/deploy-cli/cmd"
+	"github.com/rackerlabs/understack/go/deploy-cli/helpers"
+
+	"github.com/charmbracelet/log"
+	"github.com/gookit/goutil/envutil"
+	"github.com/gookit/goutil/fsutil"
+	"github.com/spf13/cobra"
+)
+
+//go:embed templates/argoCluster.tmpl
+var argoClusterTemplate string
+
+//go:embed templates/argoSecretDeployRepo.tmpl
+var argoSecretDeployRepoTemplate string
+
+// Constants for file paths and template names
+const (
+	clusterSecretFile    = "secret-%s-cluster.yaml"
+	secretDeployRepoFile = "secret-deploy-repo.yaml"
+	argoNamespace        = "argocd"
+)
+
+var ArgoCMD = &cobra.Command{
+	Use:   "argocd-secrets",
+	Short: "Generate ArgoCD secrets",
+	Long:  "Generate repository and cluster secrets for ArgoCD deployment",
+	Run: func(cmd *cobra.Command, args []string) {
+		if err := GenerateSecrets(); err != nil {
+			log.Fatal("Failed to generate secrets", "error", err)
+			os.Exit(1)
+		}
+	},
+}
+
+func init() {
+	cmd.RootCmd.AddCommand(ArgoCMD)
+}
+
+// GenerateSecrets orchestrates the generation of all ArgoCD secrets
+func GenerateSecrets() error {
+	basePath := helpers.GetManifestPathToService("argocd")
+
+	if err := generateDeployRepoSecret(basePath); err != nil {
+		return fmt.Errorf("deploy repo secret generation failed: %w", err)
+	}
+
+	if err := generateClusterSecret(basePath); err != nil {
+		return fmt.Errorf("cluster secret generation failed: %w", err)
+	}
+
+	helpers.UpdateKustomizeFile(basePath)
+	return nil
+}
+
+// generateDeployRepoSecret generates the repository deployment secret
+func generateDeployRepoSecret(basePath string) error {
+	vars := map[string]any{
+		"Config":            `{"tlsClientConfig":{"insecure":false}}`,
+		"Name":              envutil.Getenv("UC_DEPLOY"),
+		"Server":            "https://kubernetes.default.svc",
+		"DEPLOY_NAME":       envutil.Getenv("DEPLOY_NAME"),
+		"UC_DEPLOY_GIT_URL": envutil.Getenv("UC_DEPLOY_GIT_URL"),
+		"DNS_ZONE":          envutil.Getenv("DNS_ZONE"),
+	}
+
+	result, err := helpers.TemplateHelper(argoSecretDeployRepoTemplate, vars)
+	if err != nil {
+		return fmt.Errorf("template rendering failed: %w", err)
+	}
+
+	outputFilePath := filepath.Join(basePath, fmt.Sprintf(clusterSecretFile, envutil.Getenv("DEPLOY_NAME")))
+
+	return writeToFile(outputFilePath, result)
+}
+
+// generateClusterSecret generates the cluster secret
+func generateClusterSecret(basePath string) error {
+	vars := map[string]any{
+		"DEPLOY_NAME":        envutil.Getenv("DEPLOY_NAME"),
+		"Type":               "git",
+		"UC_DEPLOY_GIT_URL":  envutil.Getenv("UC_DEPLOY_GIT_URL"),
+		"DNS_ZONE":           envutil.Getenv("DNS_ZONE"),
+		"UC_DEPLOY_SSH_FILE": envutil.Getenv("UC_DEPLOY_SSH_FILE"),
+	}
+
+	result, err := helpers.TemplateHelper(argoClusterTemplate, vars)
+	if err != nil {
+		return fmt.Errorf("template rendering failed: %w", err)
+	}
+
+	outputFilePath := filepath.Join(basePath, secretDeployRepoFile)
+	return writeToFile(outputFilePath, result)
+}
+
+// writeToFile writes content to a file with proper permissions
+func writeToFile(filePath string, content string) error {
+	err := fsutil.WriteFile(filePath, content, os.ModePerm)
+	if err != nil {
+		return fmt.Errorf("file write failed: %w", err)
+	}
+	return nil
+}

go/deploy-cli/cmd/argocd/templates/argoCluster.tmpl

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .DEPLOY_NAME }}-repo
+  namespace: argocd
+  labels:
+    argocd.argoproj.io/secret-type: repo-creds
+data:
+  sshPrivateKey: {{ .UC_DEPLOY_SSH_FILE }}
+  type: {{ .Type | b64enc }}
+  url: {{ .UC_DEPLOY_GIT_URL | b64enc }}

go/deploy-cli/cmd/argocd/templates/argoSecretDeployRepo.tmpl

@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Secret
+data:
+  config: {{ .Config | b64enc }}
+  name: {{ .Name | b64enc }}
+  server: {{ .Server | b64enc }}
+metadata:
+  name: {{ .DEPLOY_NAME }}-cluster
+  namespace: argocd
+  labels:
+    argocd.argoproj.io/secret-type: cluster
+    understack.rackspace.com/argocd: enabled
+  annotations:
+    uc_repo_git_url: "https://github.com/rackerlabs/understack.git"
+    uc_repo_ref: "HEAD"
+    uc_deploy_git_url: "{{ .UC_DEPLOY_GIT_URL }}"
+    uc_deploy_ref: "HEAD"
+    dns_zone: "{{ .DNS_ZONE }}"

go/deploy-cli/cmd/certManager/secrets.go

@@ -0,0 +1,60 @@
+package certManager
+
+import (
+	_ "embed"
+	"fmt"
+	"os"
+
+	"github.com/rackerlabs/understack/go/deploy-cli/cmd"
+	"github.com/rackerlabs/understack/go/deploy-cli/helpers"
+
+	"github.com/charmbracelet/log"
+	"github.com/gookit/goutil/envutil"
+	"github.com/gookit/goutil/fsutil"
+
+	"github.com/spf13/cobra"
+)
+
+//go:embed templates/clusterIssuer.tmpl
+var clusterIssuerTemplate string
+
+func init() {
+	cmd.RootCmd.AddCommand(CertManager)
+}
+
+var CertManager = &cobra.Command{
+	Use:   "certmanager-secrets",
+	Short: "Generate certmanager-secrets secrets",
+	Long:  "",
+	Run:   certManagerGen,
+}
+
+func certManagerGen(cmd *cobra.Command, args []string) {
+	err := clusterIssuer()
+	if err != nil {
+		log.Error("certManagerGen failed", "error", err)
+	}
+}
+
+// credGen prints out the cli version number
+func clusterIssuer() error {
+	vars := map[string]any{
+		"UC_DEPLOY_EMAIL": envutil.Getenv("UC_DEPLOY_EMAIL"),
+		"DNS_ZONE":        envutil.Getenv("DNS_ZONE"),
+	}
+
+	result, err := helpers.TemplateHelper(string(clusterIssuerTemplate), vars)
+	if err != nil {
+		return fmt.Errorf("template rendering failed: %w", err)
+	}
+
+	outputFilePath := helpers.GetManifestPathToService("cert-manager") + "/cluster-issuer.yaml"
+
+	if err := fsutil.WriteFile(outputFilePath, result, os.ModePerm); err != nil {
+		log.Fatal("error in kustomization.yaml file", "err", err)
+		os.Exit(1)
+	}
+	helpers.UpdateKustomizeFile(helpers.GetManifestPathToService("cert-manager"))
+
+	return nil
+}

go/deploy-cli/cmd/certManager/templates/clusterIssuer.tmpl

@@ -0,0 +1,27 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: understack-cluster-issuer
+  annotations:
+    argocd.argoproj.io/sync-wave: "5"
+spec:
+  acme:
+    email: {{ .UC_DEPLOY_EMAIL }}
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx
+        selector:
+          matchLabels:
+            authorizeWith: http
+      - dns01:
+          webhook:
+            groupName: acme.undercloud.rackspace.net
+            solverName: rackspace
+            config:
+              authSecretRef: cert-manager-webhook-rackspace-creds
+              domainName: {{ .DNS_ZONE }}