feat: api secrets and get rid of mongo (#310)

* feat: single object approach

* fix: struct

* feat: database migration to secrets

* feat: deprecate mongo

* feat: create environment secret reference

* feat: remove mongo references

* feat: remove mongo from akamai and k3s

.env.example

@@ -1,7 +1,3 @@
-MONGODB_USERNAME=root
-MONGODB_PASSWORD=password
-MONGODB_HOST_TYPE=local # local | atlas
-MONGODB_HOST="localhost:27017"
 SERVER_PORT=8081
 K1_ACCESS_TOKEN=feedkray
 IS_CLUSTER_ZERO=

README.md

@@ -71,50 +71,30 @@ If you want to use your local API version with the CLI, you need to do two thing
 
 Be sure that you do not change the default port for the console (3000), and the default one for the API (8081) for this to work.
 
-## Prerequisites
+## Prerequisites for local development
 
-The API uses MongoDB for storing records.
+For local development, we need to have a k3d cluster where the kubefirst api can store information in secrets
 
-The best option is to use [MongoDB Atlas](https://www.mongodb.com/atlas). This is the recommended approach.
-
-For local development, you can install [MongoDB Community Edition](https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-os-x/) - this is not production-quality.
-
-It is also recommended to install [MongoDB Compass](https://www.mongodb.com/try/download/atlascli).
-
-The host:port for MongoDB should be supplied as the environment variable `MONGODB_HOST`. When testing locally, use `localhost:27017`.
+- Download [k3d](https://k3d.io/)
+- Create a cluster ```k3d cluster create dev```
+- Dowload the kubeconfig ```k3d kubeconfig write dev```
+- Update the `K1_LOCAL_KUBECONFIG_PATH` environment variable with the kubeconfig location
+- Enjoy!
 
 ### Environment Variables
 
 Some variables are required, others are optional depending on deployment type.
 
-| Variable            | Description                                                                                                                                      | Required                       |
-| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------ |
-| `MONGODB_HOST_TYPE` | Can be either `atlas` or `local`.                                                                                                                | Yes                            |
-| `MONGODB_HOST`      | The host to connect to. For Atlas, use only the portion of the string not containing username or password. For all other types, append the port. | Yes                            |
-| `MONGODB_USERNAME`  | Required when using Atlas/ Docker compose.                                                                                                       | If using Atlas/ Docker compose |
-| `MONGODB_PASSWORD`  | Required when using Atlas/ Docker compose.                                                                                                       | If using Atlas/ Docker compose |
-| `IN_CLUSTER`        | Specify whether or not the API is running inside a Kubernetes cluster. By default, this is assumed `false`.                                      | No                             |
-| `CLUSTER_ID`        | The ID of the cluster running API.                                                                                                               | Yes                            |
-| `CLUSTER_TYPE`      | Cluster type.                                                                                                                                    | Yes                            |
-| `INSTALL_METHOD`    | Description of the method through which the API was deployed. Example: `helm`                                                                    | Yes                            |
-| `K1_ACCESS_TOKEN`   | Access token in authorization header to prevent unsolicited in-cluster access                                                                    | Yes                            |
+| Variable                    | Description                                                                                                                                      | Required                       |
+| -------------------         | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------ |
+| `IN_CLUSTER`                | Specify whether or not the API is running inside a Kubernetes cluster. By default, this is assumed `false`.                                      | No                             |
+| `CLUSTER_ID`                | The ID of the cluster running API.                                                                                                               | Yes                            |
+| `CLUSTER_TYPE`              | Cluster type.                                                                                                                                    | Yes                            |
+| `INSTALL_METHOD`            | Description of the method through which the API was deployed. Example: `helm`                                                                    | Yes                            |
+| `K1_ACCESS_TOKEN`           | Access token in authorization header to prevent unsolicited in-cluster access                                                                    | Yes                            |
+| `K1_LOCAL_DEBUG`            | Identifies the api execution as local debug mode                                                                                                 | No                             |
+| `K1_LOCAL_KUBECONFIG_PATH`  | kubeconfig path location for k3d local cluster                                                                                                   | No                            |
 
-### To run locally
-
-```shell
-# optional local mongodb for kubefirst-api
-docker run -d --name k1-api-mongodb \
-  -e MONGO_INITDB_ROOT_USERNAME=root \
-  -e MONGO_INITDB_ROOT_PASSWORD=password \
-  -p 27017:27017 \
-  mongo
-```
-
-### Using Docker compose
-
-```bash
-  docker compose up
-```
 
 ## local environment variables
 

charts/kubefirst-api/templates/deployment.yaml

@@ -60,21 +60,6 @@ spec:
       serviceAccountName: {{ include "kubefirst-api.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      {{- if .Values.initContainer.enabled }}
-      initContainers:
-        - name: wait-for-mongodb
-          image: busybox:latest
-          imagePullPolicy: IfNotPresent
-          command:
-            [
-              'sh',
-              '-c',
-              'until nc -vz ${MONGODB_HOST} 27017; do echo "Waiting for mongodb..."; sleep 3; done;',
-            ]
-          env:
-            - name: MONGODB_HOST
-              value: {{ if not .Values.atlasDbHost }}{{ .Values.mongodbHost | default (printf "%s-mongodb.%s.svc.cluster.local" (.Release.Name ) (.Release.Namespace )) }}{{ else }}{{ .Values.atlasDbHost }}{{ end }}
-      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           {{- if .Values.includeVolume }}
@@ -83,28 +68,6 @@ spec:
             name: k1-pv-storage
         {{- end }}
           env:
-            {{- if not .Values.atlasDbHost }}
-            - name: MONGODB_HOST
-              value: {{ .Values.mongodbHost | default (printf "%s-mongodb.%s.svc.cluster.local" (.Release.Name ) (.Release.Namespace )) }}
-            - name: MONGODB_USERNAME
-              value: {{ .Values.mongodbUsername | default "root" }}
-            {{- else }}
-            - name: MONGODB_HOST
-              value: {{ .Values.atlasDbHost }}
-            - name: MONGODB_USERNAME
-              value: {{ .Values.atlasDbUsername }}
-            {{- end }}
-            - name: MONGODB_HOST_TYPE
-             {{- if not .Values.atlasDbHost }}
-              value: "local"
-              {{- else }}
-              value:  "atlas"
-              {{- end }}
-            - name: MONGODB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.existingSecret | default "kubefirst-initial-secrets" }}
-                  key: mongodb-root-password
             - name: K1_ACCESS_TOKEN
               valueFrom:
                 secretKeyRef:

go.mod

@@ -143,7 +143,6 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.4.3 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
@@ -199,7 +198,6 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
-	github.com/montanaflynn/stats v0.6.6 // indirect
 	github.com/muesli/ansi v0.0.0-20211018074035-2e021307bc4b // indirect
 	github.com/muesli/cancelreader v0.2.2 // indirect
 	github.com/muesli/reflow v0.3.0 // indirect
@@ -237,12 +235,8 @@ require (
 	github.com/vultr/govultr/v3 v3.0.2 // indirect
 	github.com/xanzy/go-gitlab v0.81.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
-	github.com/xdg-go/scram v1.1.1 // indirect
-	github.com/xdg-go/stringprep v1.0.3 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect
-	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
 	golang.org/x/crypto v0.20.0

go.sum

@@ -519,8 +519,6 @@ github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
-github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -845,8 +843,6 @@ github.com/mohae/deepcopy v0.0.0-20170603005431-491d3605edfb/go.mod h1:TaXosZuwd
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
-github.com/montanaflynn/stats v0.6.6 h1:Duep6KMIDpY4Yo11iFsvyqJDyfzLF9+sndUKT+v64GQ=
-github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
 github.com/muesli/ansi v0.0.0-20211018074035-2e021307bc4b h1:1XF24mVaiu7u+CFywTdcDo2ie1pzzhwjt6RHqzpMU34=
@@ -1134,7 +1130,6 @@ github.com/swaggo/swag v1.16.1/go.mod h1:9/LMvHycG3NFHfR6LwvikHv5iFvmPADQ359cKik
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/thanhpk/randstr v1.0.6 h1:psAOktJFD4vV9NEVb3qkhRSMvYh4ORRaj1+w/hn4B+o=
 github.com/thanhpk/randstr v1.0.6/go.mod h1:M/H2P1eNLZzlDwAzpkkkUvoyNNMbzRGhESZuEQk3r0U=
-github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
@@ -1165,11 +1160,8 @@ github.com/xanzy/go-gitlab v0.81.0 h1:ofbhZ5ZY9AjHATWQie4qd2JfncdUmvcSA/zfQB767D
 github.com/xanzy/go-gitlab v0.81.0/go.mod h1:VMbY3JIWdZ/ckvHbQqkyd3iYk2aViKrNIQ23IbFMQDo=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
-github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
-github.com/xdg-go/scram v1.1.1 h1:VOMT+81stJgXW3CpHyqHN3AXDYIMsx56mEFrB37Mb/E=
 github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
-github.com/xdg-go/stringprep v1.0.3 h1:kdwGpVNwPFtjs98xCGkHjQtGKh86rDcRZN17QEMCOIs=
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
@@ -1181,8 +1173,6 @@ github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:
 github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c h1:3lbZUMbMiGUW/LMkfsEABsc5zNT9+b1CvsJx47JzJ8g=
 github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM=
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
-github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a h1:fZHgsYlfvtyqToslyjUt3VOPF4J7aK/3MPcK7xp3PDk=
-github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a/go.mod h1:ul22v+Nro/R083muKhosV54bj5niojjWZvU8xrevuH4=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -1259,7 +1249,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=

internal/controller/argocd.go

@@ -12,6 +12,7 @@ import (
 
 	argocdapi "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
 	awsext "github.com/kubefirst/kubefirst-api/extensions/aws"
+	"github.com/kubefirst/kubefirst-api/internal/secrets"
 	"github.com/kubefirst/metrics-client/pkg/telemetry"
 	"github.com/kubefirst/runtime/pkg"
 	"github.com/kubefirst/runtime/pkg/argocd"
@@ -22,7 +23,7 @@ import (
 
 // InstallArgoCD
 func (clctrl *ClusterController) InstallArgoCD() error {
-	cl, err := clctrl.MdbCl.GetCluster(clctrl.ClusterName)
+	cl, err := secrets.GetCluster(clctrl.KubernetesClient, clctrl.ClusterName)
 	if err != nil {
 		return err
 	}
@@ -62,7 +63,8 @@ func (clctrl *ClusterController) InstallArgoCD() error {
 			return err
 		}
 
-		err = clctrl.MdbCl.UpdateCluster(clctrl.ClusterName, "argocd_install_check", true)
+		clctrl.Cluster.ArgoCDInstallCheck = true
+		err = secrets.UpdateCluster(clctrl.KubernetesClient, clctrl.Cluster)
 		if err != nil {
 			return err
 		}
@@ -73,7 +75,7 @@ func (clctrl *ClusterController) InstallArgoCD() error {
 
 // InitializeArgoCD
 func (clctrl *ClusterController) InitializeArgoCD() error {
-	cl, err := clctrl.MdbCl.GetCluster(clctrl.ClusterName)
+	cl, err := secrets.GetCluster(clctrl.KubernetesClient, clctrl.ClusterName)
 	if err != nil {
 		return err
 	}
@@ -133,15 +135,11 @@ func (clctrl *ClusterController) InitializeArgoCD() error {
 
 		log.Info().Msg("argocd admin auth token set")
 
-		err = clctrl.MdbCl.UpdateCluster(clctrl.ClusterName, "argocd_password", argocdPassword)
-		if err != nil {
-			return err
-		}
-		err = clctrl.MdbCl.UpdateCluster(clctrl.ClusterName, "argocd_auth_token", argoCDToken)
-		if err != nil {
-			return err
-		}
-		err = clctrl.MdbCl.UpdateCluster(clctrl.ClusterName, "argocd_initialize_check", true)
+		clctrl.Cluster.ArgoCDPassword = argocdPassword
+		clctrl.Cluster.ArgoCDAuthToken = argoCDToken
+		clctrl.Cluster.ArgoCDInitializeCheck = true
+
+		err = secrets.UpdateCluster(clctrl.KubernetesClient, clctrl.Cluster)
 		if err != nil {
 			return err
 		}
@@ -152,7 +150,7 @@ func (clctrl *ClusterController) InitializeArgoCD() error {
 
 // DeployRegistryApplication
 func (clctrl *ClusterController) DeployRegistryApplication() error {
-	cl, err := clctrl.MdbCl.GetCluster(clctrl.ClusterName)
+	cl, err := secrets.GetCluster(clctrl.KubernetesClient, clctrl.ClusterName)
 	if err != nil {
 		return err
 	}
@@ -202,7 +200,8 @@ func (clctrl *ClusterController) DeployRegistryApplication() error {
 
 		telemetry.SendEvent(clctrl.TelemetryEvent, telemetry.CreateRegistryCompleted, "")
 
-		err = clctrl.MdbCl.UpdateCluster(clctrl.ClusterName, "argocd_create_registry_check", true)
+		clctrl.Cluster.ArgoCDCreateRegistryCheck = true
+		err = secrets.UpdateCluster(clctrl.KubernetesClient, clctrl.Cluster)
 		if err != nil {
 			return err
 		}