google fixes and virtual clusters (#205)

* receiver func for google config to return and array of zone names * create route to get zones for google * pass along required zone for list of machine types for google * standardize return type for instance size response * rm commented code * fixes cloud dns list to use domain name * adds writing of google service account for cluster management * adds digital ocean github vcluster mvp --------- Co-authored-by: Derrick Hawkins <[email protected]>
konstructio · Oct 19, 2023 · 34b820d · 34b820d
1 parent f4e943e
commit 34b820d
Show file tree

Hide file tree

Showing 22 changed files with 561 additions and 143 deletions.
diff --git a/extensions/civo/secrets.go b/extensions/civo/secrets.go
@@ -48,7 +48,7 @@ func BootstrapCivoMgmtCluster(clientset *kubernetes.Clientset, cl *pkgtypes.Clus
 		externalDnsToken = cl.DigitaloceanAuth.Token
 	case "aws":
 		externalDnsToken = "implement with cluster management"
-	case "googlecloud":
+	case "google":
 		externalDnsToken = "implement with cluster management"
 	case "cloudflare":
 		externalDnsToken = cl.CloudflareAuth.APIToken

diff --git a/extensions/digitalocean/secrets.go b/extensions/digitalocean/secrets.go
@@ -20,7 +20,6 @@ import (
 )
 
 func BootstrapDigitaloceanMgmtCluster(clientset *kubernetes.Clientset, cl *pkgtypes.Cluster, destinationGitopsRepoURL string) error {
-
 
 	err := providerConfig.BootstrapMgmtCluster(
 		clientset,
@@ -40,8 +39,61 @@ func BootstrapDigitaloceanMgmtCluster(clientset *kubernetes.Clientset, cl *pkgty
 		return err
 	}
 
+	var externalDnsToken string
+	switch cl.DnsProvider {
+	case "civo":
+		externalDnsToken = cl.CivoAuth.Token
+	case "vultr":
+		externalDnsToken = cl.VultrAuth.Token
+	case "digitalocean":
+		externalDnsToken = cl.DigitaloceanAuth.Token
+	case "aws":
+		externalDnsToken = "implement with cluster management"
+	case "google":
+		externalDnsToken = "implement with cluster management"
+	case "cloudflare":
+		externalDnsToken = cl.CloudflareAuth.APIToken
+	}
+
 	// Create secrets
-	createSecrets := []*v1.Secret{}
+	createSecrets := []*v1.Secret{
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "argo"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "atlantis"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "chartmuseum"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "external-dns-secrets", Namespace: "external-dns"},
+			Data: map[string][]byte{
+				"token": []byte(externalDnsToken),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "kubefirst"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "vault"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+	}
 	for _, secret := range createSecrets {
 		_, err := clientset.CoreV1().Secrets(secret.ObjectMeta.Namespace).Get(context.TODO(), secret.ObjectMeta.Name, metav1.GetOptions{})
 		if err == nil {

diff --git a/extensions/google/env.go b/extensions/google/env.go
@@ -8,6 +8,7 @@ package google
 
 import (
 	"fmt"
+	"os"
 	"strconv"
 	"strings"
 
@@ -30,11 +31,12 @@ func readVaultTokenFromSecret(clientset *kubernetes.Clientset) string {
 }
 
 func GetGoogleTerraformEnvs(envs map[string]string, cl *pkgtypes.Cluster) map[string]string {
-	envs["GOOGLE_CLOUD_KEYFILE_JSON"] = cl.GoogleAuth.KeyFile
-	envs["GOOGLE_CREDENTIALS "] = cl.GoogleAuth.KeyFile
 	envs["TF_VAR_project"] = cl.GoogleAuth.ProjectId
-	envs["GOOGLE_APPLICATION_CREDENTIALS"] = "" //allows for local debugging
-	//envs["TF_LOG"] = "debug"
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		log.Fatalf("error getting home path: %s", err)
+	}
+	envs["GOOGLE_APPLICATION_CREDENTIALS"] = fmt.Sprintf("%s/.k1/application-default-credentials.json", homeDir)
 
 	return envs
 }
@@ -44,9 +46,11 @@ func GetGithubTerraformEnvs(envs map[string]string, cl *pkgtypes.Cluster) map[st
 	envs["GITHUB_OWNER"] = cl.GitAuth.Owner
 	envs["TF_VAR_atlantis_repo_webhook_secret"] = cl.AtlantisWebhookSecret
 	envs["TF_VAR_kbot_ssh_public_key"] = cl.GitAuth.PublicKey
-	envs["GOOGLE_CREDENTIALS "] = cl.GoogleAuth.KeyFile
-	envs["GOOGLE_APPLICATION_CREDENTIALS"] = "" //allows for local debugging
-
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		log.Fatalf("error getting home path: %s", err)
+	}
+	envs["GOOGLE_APPLICATION_CREDENTIALS"] = fmt.Sprintf("%s/.k1/application-default-credentials.json", homeDir)
 
 	return envs
 }
@@ -59,8 +63,11 @@ func GetGitlabTerraformEnvs(envs map[string]string, gid int, cl *pkgtypes.Cluste
 	envs["TF_VAR_kbot_ssh_public_key"] = cl.GitAuth.PublicKey
 	envs["TF_VAR_owner_group_id"] = strconv.Itoa(gid)
 	envs["TF_VAR_gitlab_owner"] = cl.GitAuth.Owner
-	envs["GOOGLE_CREDENTIALS "] = cl.GoogleAuth.KeyFile
-	envs["GOOGLE_APPLICATION_CREDENTIALS"] = "" //allows for local debugging
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		log.Fatalf("error getting home path: %s", err)
+	}
+	envs["GOOGLE_APPLICATION_CREDENTIALS"] = fmt.Sprintf("%s/.k1/application-default-credentials.json", homeDir)
 
 	return envs
 }
@@ -70,8 +77,11 @@ func GetUsersTerraformEnvs(clientset *kubernetes.Clientset, cl *pkgtypes.Cluster
 	envs["VAULT_ADDR"] = providerConfigs.VaultPortForwardURL
 	envs[fmt.Sprintf("%s_TOKEN", strings.ToUpper(cl.GitProvider))] = cl.GitAuth.Token
 	envs[fmt.Sprintf("%s_OWNER", strings.ToUpper(cl.GitProvider))] = cl.GitAuth.Owner
-	envs["GOOGLE_CREDENTIALS "] = cl.GoogleAuth.KeyFile
-	envs["GOOGLE_APPLICATION_CREDENTIALS"] = "" //allows for local debugging
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		log.Fatalf("error getting home path: %s", err)
+	}
+	envs["GOOGLE_APPLICATION_CREDENTIALS"] = fmt.Sprintf("%s/.k1/application-default-credentials.json", homeDir)
 
 	return envs
 }
@@ -92,8 +102,11 @@ func GetVaultTerraformEnvs(clientset *kubernetes.Clientset, cl *pkgtypes.Cluster
 	envs["TF_VAR_kbot_ssh_public_key"] = cl.GitAuth.PublicKey
 	envs["TF_VAR_cloudflare_origin_ca_api_key"] = cl.CloudflareAuth.OriginCaIssuerKey
 	envs["TF_VAR_cloudflare_api_key"] = cl.CloudflareAuth.Token
-	envs["GOOGLE_CREDENTIALS "] = cl.GoogleAuth.KeyFile
-	envs["GOOGLE_APPLICATION_CREDENTIALS"] = "" //allows for local debugging
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		log.Fatalf("error getting home path: %s", err)
+	}
+	envs["GOOGLE_APPLICATION_CREDENTIALS"] = fmt.Sprintf("%s/.k1/application-default-credentials.json", homeDir)
 
 	switch cl.GitProvider {
 	case "gitlab":

diff --git a/extensions/google/secrets.go b/extensions/google/secrets.go
@@ -41,8 +41,62 @@ func BootstrapGoogleMgmtCluster(
 		log.Fatal().Msgf("error in central function to create secrets: %s", err)
 		return err
 	}
+
+	var externalDnsToken string
+	switch cl.DnsProvider {
+	case "civo":
+		externalDnsToken = cl.CivoAuth.Token
+	case "vultr":
+		externalDnsToken = cl.VultrAuth.Token
+	case "digitalocean":
+		externalDnsToken = cl.DigitaloceanAuth.Token
+	case "aws":
+		externalDnsToken = "implement with cluster management"
+	case "google":
+		externalDnsToken = "implement with cluster management"
+	case "cloudflare":
+		externalDnsToken = cl.CloudflareAuth.APIToken
+	}
+
 	// Create secrets
-	createSecrets := []*v1.Secret{}
+	createSecrets := []*v1.Secret{
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "argo"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "atlantis"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "chartmuseum"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "external-dns-secrets", Namespace: "external-dns"},
+			Data: map[string][]byte{
+				"token": []byte(externalDnsToken),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "kubefirst"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "vault"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+	}
 	for _, secret := range createSecrets {
 		_, err := clientset.CoreV1().Secrets(secret.ObjectMeta.Namespace).Get(context.TODO(), secret.ObjectMeta.Name, metav1.GetOptions{})
 		if err == nil {

diff --git a/internal/controller/argocd.go b/internal/controller/argocd.go
@@ -230,6 +230,14 @@ func (clctrl *ClusterController) DeployRegistryApplication() error {
 			registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
 		} else if clctrl.CloudProvider == "aws" && clctrl.GitProvider == "gitlab" {
 			registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
+		} else if clctrl.CloudProvider == "google" && clctrl.GitProvider == "github" {
+			registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
+		} else if clctrl.CloudProvider == "google" && clctrl.GitProvider == "gitlab" {
+			registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
+		} else if clctrl.CloudProvider == "digitalocean" && clctrl.GitProvider == "github" {
+			registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
+		} else if clctrl.CloudProvider == "digitalocean" && clctrl.GitProvider == "gitlab" {
+			registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
 		} else {
 			registryPath = fmt.Sprintf("registry/%s", clctrl.ClusterName)
 		}

diff --git a/internal/controller/domain.go b/internal/controller/domain.go
@@ -67,7 +67,6 @@ func (clctrl *ClusterController) DomainLivenessTest() error {
 			}
 		case "cloudflare":
 
-			//! jared will brb to fix this
 			_, err := cloudflare_api.NewWithAPIToken(clctrl.CloudflareAuth.APIToken)
 			if err != nil {
 				return err

diff --git a/internal/controller/kms.go b/internal/controller/kms.go
@@ -49,6 +49,14 @@ func (clctrl *ClusterController) DetokenizeKMSKeyID() error {
 				registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
 			} else if clctrl.CloudProvider == "aws" && clctrl.GitProvider == "gitlab" {
 				registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
+			} else if clctrl.CloudProvider == "google" && clctrl.GitProvider == "github" {
+				registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
+			} else if clctrl.CloudProvider == "google" && clctrl.GitProvider == "gitlab" {
+				registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
+			} else if clctrl.CloudProvider == "digitalocean" && clctrl.GitProvider == "github" {
+				registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
+			} else if clctrl.CloudProvider == "digitalocean" && clctrl.GitProvider == "gitlab" {
+				registryPath = fmt.Sprintf("registry/clusters/%s", clctrl.ClusterName)
 			} else {
 				registryPath = fmt.Sprintf("registry/%s", clctrl.ClusterName)
 			}

diff --git a/internal/controller/vault.go b/internal/controller/vault.go
@@ -9,9 +9,11 @@ package controller
 import (
 	"context"
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"os"
 	"strconv"
+	"strings"
 
 	vaultapi "github.com/hashicorp/vault/api"
 	awsext "github.com/kubefirst/kubefirst-api/extensions/aws"
@@ -316,7 +318,7 @@ func (clctrl *ClusterController) WriteVaultSecrets() error {
 		externalDnsToken = cl.DigitaloceanAuth.Token
 	case "aws":
 		externalDnsToken = "implement with cluster management"
-	case "googlecloud":
+	case "google":
 		externalDnsToken = "implement with cluster management"
 	case "cloudflare":
 		externalDnsToken = cl.CloudflareAuth.APIToken
@@ -347,7 +349,7 @@ func (clctrl *ClusterController) WriteVaultSecrets() error {
 		vaultRootToken = vaultUnsealSecretData["root-token"]
 	}
 	vaultClient.SetToken(vaultRootToken)
-	//
+
 	_, err = vaultClient.KVv2("secret").Put(context.Background(), "external-dns", map[string]interface{}{
 		"token": externalDnsToken,
 	})
@@ -356,6 +358,16 @@ func (clctrl *ClusterController) WriteVaultSecrets() error {
 		"origin-ca-api-key": cl.CloudflareAuth.OriginCaIssuerKey,
 	})
 
+	if cl.CloudProvider == "google" {
+		log.Info("writing google specific secrets to vault secret store")
+		homeDir, err := os.UserHomeDir()
+		if err != nil {
+			log.Fatalf("error getting home path: %s", err)
+		}
+		writeGoogleSecrets(homeDir, vaultClient)
+		log.Info("successfully wrote google specific secrets to vault")
+	}
+
 	if err != nil {
 		log.Errorf("error writing secret to vault: %s", err)
 		return err
@@ -410,3 +422,27 @@ func (clctrl *ClusterController) WaitForVault() error {
 
 	return nil
 }
+
+func writeGoogleSecrets(homeDir string, vaultClient *vaultapi.Client) error {
+
+	// vault path - gcp/application-default-credentials
+	adcJSON, err := os.ReadFile(fmt.Sprintf("%s/.k1/application-default-credentials.json", homeDir))
+	if err != nil {
+		log.Error("error: reading google json credentials file")
+		return err
+	}
+
+	var data map[string]interface{}
+	err = json.Unmarshal([]byte(adcJSON), &data)
+	if err != nil {
+		return err
+	}
+
+	data["private_key"] = strings.Replace(data["private_key"].(string), "\n", "\\n", -1)
+
+	_, err = vaultClient.KVv2("secret").Put(context.Background(), "gcp/application-default-credentials", data)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/internal/db/mongo.go b/internal/db/mongo.go
@@ -98,19 +98,14 @@ func (mdbcl *MongoDBClient) ImportClusterIfEmpty(silent bool, cloudProvider stri
 	// find the secret in mgmt cluster's kubefirst namespace and read import payload and clustername
 	var kcfg *k8s.KubernetesClient
 
-	// homeDir, err := os.UserHomeDir()
-	// if err != nil {
-	// 	log.Fatalf("error getting home path: %s", err)
-	// }
-
-    if os.Getenv("IS_CLUSTER_ZERO") == "true" {
+	if os.Getenv("IS_CLUSTER_ZERO") == "true" {
 		log.Info("IS_CLUSTER_ZERO is set to true, skipping import cluster logic.")
 		return pkgtypes.Cluster{}, nil
 	}
 	if os.Getenv("CLOUD_PROVIDER") == "k3d" {
 		log.Info("CLOUD_PROVIDER is set to k3d, skipping import cluster logic.")
 		return pkgtypes.Cluster{}, nil
-	} 
+	}
 
 	homeDir, err := os.UserHomeDir()
 	if err != nil {