add akamai cloud support (#307)

* initial commit for akamai beta command with github * unable to run cli, package issue * akamai updates for object store and credentials * fixes registry path and akamai kubeconfigs * fix akamai token * fix akamai bucket scheme for config * remove go mod * adds ssh pkg from runtime * go mod tidy
konstructio · Mar 12, 2024 · 84b81e9 · 84b81e9
1 parent 5293e10
commit 84b81e9
Show file tree

Hide file tree

Showing 31 changed files with 1,298 additions and 144 deletions.
diff --git a/extensions/akamai/env.go b/extensions/akamai/env.go
@@ -0,0 +1,116 @@
+/*
+Copyright (C) 2021-2023, Kubefirst
+
+This program is licensed under MIT.
+See the LICENSE file for more details.
+*/
+package akamai
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/kubefirst/kubefirst-api/pkg/providerConfigs"
+	pkgtypes "github.com/kubefirst/kubefirst-api/pkg/types"
+	"github.com/kubefirst/runtime/pkg/k8s"
+	"github.com/kubefirst/runtime/pkg/vault"
+	log "github.com/rs/zerolog/log"
+	"k8s.io/client-go/kubernetes"
+)
+
+func readVaultTokenFromSecret(clientset *kubernetes.Clientset) string {
+	existingKubernetesSecret, err := k8s.ReadSecretV2(clientset, vault.VaultNamespace, vault.VaultSecretName)
+	if err != nil || existingKubernetesSecret == nil {
+		log.Printf("Error reading existing Secret data: %s", err)
+		return ""
+	}
+
+	return existingKubernetesSecret["root-token"]
+}
+
+func GetAkamaiTerraformEnvs(envs map[string]string, cl *pkgtypes.Cluster) map[string]string {
+	envs["LINODE_TOKEN"] = cl.AkamaiAuth.Token
+	// needed for s3 api connectivity to object storage
+	envs["AWS_ACCESS_KEY_ID"] = cl.StateStoreCredentials.AccessKeyID
+	envs["AWS_SECRET_ACCESS_KEY"] = cl.StateStoreCredentials.SecretAccessKey
+	envs["TF_VAR_aws_access_key_id"] = cl.StateStoreCredentials.AccessKeyID
+	envs["TF_VAR_aws_secret_access_key"] = cl.StateStoreCredentials.SecretAccessKey
+	envs["AWS_SESSION_TOKEN"] = ""        // allows for debugging
+	envs["TF_VAR_aws_session_token"] = "" // allows for debugging
+	//envs["TF_LOG"] = "debug"
+
+	return envs
+}
+
+func GetGithubTerraformEnvs(envs map[string]string, cl *pkgtypes.Cluster) map[string]string {
+	envs["GITHUB_TOKEN"] = cl.GitAuth.Token
+	envs["GITHUB_OWNER"] = cl.GitAuth.Owner
+	envs["TF_VAR_atlantis_repo_webhook_secret"] = cl.AtlantisWebhookSecret
+	envs["TF_VAR_kbot_ssh_public_key"] = cl.GitAuth.PublicKey
+	envs["AWS_ACCESS_KEY_ID"] = cl.StateStoreCredentials.AccessKeyID
+	envs["AWS_SECRET_ACCESS_KEY"] = cl.StateStoreCredentials.SecretAccessKey
+	envs["TF_VAR_aws_access_key_id"] = cl.StateStoreCredentials.AccessKeyID
+	envs["TF_VAR_aws_secret_access_key"] = cl.StateStoreCredentials.SecretAccessKey
+	envs["AWS_SESSION_TOKEN"] = ""        // allows for debugging
+	envs["TF_VAR_aws_session_token"] = "" // allows for debugging
+
+	return envs
+}
+
+func GetGitlabTerraformEnvs(envs map[string]string, gid int, cl *pkgtypes.Cluster) map[string]string {
+	envs["GITLAB_TOKEN"] = cl.GitAuth.Token
+	envs["GITLAB_OWNER"] = cl.GitAuth.Owner
+	envs["TF_VAR_atlantis_repo_webhook_secret"] = cl.AtlantisWebhookSecret
+	envs["TF_VAR_atlantis_repo_webhook_url"] = cl.AtlantisWebhookURL
+	envs["TF_VAR_kbot_ssh_public_key"] = cl.GitAuth.PublicKey
+	envs["AWS_ACCESS_KEY_ID"] = cl.StateStoreCredentials.AccessKeyID
+	envs["AWS_SECRET_ACCESS_KEY"] = cl.StateStoreCredentials.SecretAccessKey
+	envs["TF_VAR_aws_access_key_id"] = cl.StateStoreCredentials.AccessKeyID
+	envs["TF_VAR_aws_secret_access_key"] = cl.StateStoreCredentials.SecretAccessKey
+	envs["TF_VAR_owner_group_id"] = strconv.Itoa(gid)
+	envs["TF_VAR_gitlab_owner"] = cl.GitAuth.Owner
+	envs["AWS_SESSION_TOKEN"] = ""        // allows for debugging
+	envs["TF_VAR_aws_session_token"] = "" // allows for debugging
+
+	return envs
+}
+
+func GetUsersTerraformEnvs(clientset *kubernetes.Clientset, cl *pkgtypes.Cluster, envs map[string]string) map[string]string {
+	envs["VAULT_TOKEN"] = readVaultTokenFromSecret(clientset)
+	envs["VAULT_ADDR"] = providerConfigs.VaultPortForwardURL
+	envs[fmt.Sprintf("%s_TOKEN", strings.ToUpper(cl.GitProvider))] = cl.GitAuth.Token
+	envs[fmt.Sprintf("%s_OWNER", strings.ToUpper(cl.GitProvider))] = cl.GitAuth.Owner
+	envs["AWS_SESSION_TOKEN"] = ""        // allows for debugging
+	envs["TF_VAR_aws_session_token"] = "" // allows for debugging
+
+	return envs
+}
+
+func GetVaultTerraformEnvs(clientset *kubernetes.Clientset, cl *pkgtypes.Cluster, envs map[string]string) map[string]string {
+	envs[fmt.Sprintf("%s_TOKEN", strings.ToUpper(cl.GitProvider))] = cl.GitAuth.Token
+	envs[fmt.Sprintf("%s_OWNER", strings.ToUpper(cl.GitProvider))] = cl.GitAuth.Owner
+	envs["TF_VAR_email_address"] = cl.AlertsEmail
+	envs["TF_VAR_vault_addr"] = providerConfigs.VaultPortForwardURL
+	envs["TF_VAR_vault_token"] = readVaultTokenFromSecret(clientset)
+	envs[fmt.Sprintf("TF_VAR_%s_token", cl.GitProvider)] = cl.GitAuth.Token
+	envs["VAULT_ADDR"] = providerConfigs.VaultPortForwardURL
+	envs["VAULT_TOKEN"] = readVaultTokenFromSecret(clientset)
+	envs["TF_VAR_akamai_token"] = cl.AkamaiAuth.Token
+	envs["LINODE_TOKEN"] = cl.AkamaiAuth.Token
+	envs["TF_VAR_atlantis_repo_webhook_secret"] = cl.AtlantisWebhookSecret
+	envs["TF_VAR_atlantis_repo_webhook_url"] = cl.AtlantisWebhookURL
+	envs["TF_VAR_kbot_ssh_private_key"] = cl.GitAuth.PrivateKey
+	envs["TF_VAR_kbot_ssh_public_key"] = cl.GitAuth.PublicKey
+	envs["TF_VAR_cloudflare_origin_ca_api_key"] = cl.CloudflareAuth.OriginCaIssuerKey
+	envs["TF_VAR_cloudflare_api_key"] = cl.CloudflareAuth.APIToken
+	envs["AWS_SESSION_TOKEN"] = ""        // allows for debugging
+	envs["TF_VAR_aws_session_token"] = "" // allows for debugging
+
+	switch cl.GitProvider {
+	case "gitlab":
+		envs["TF_VAR_owner_group_id"] = fmt.Sprint(cl.GitlabOwnerGroupID)
+	}
+
+	return envs
+}
diff --git a/extensions/akamai/secrets.go b/extensions/akamai/secrets.go
@@ -0,0 +1,118 @@
+/*
+Copyright (C) 2021-2023, Kubefirst
+
+This program is licensed under MIT.
+See the LICENSE file for more details.
+*/
+package akamai
+
+import (
+	"context"
+	"strings"
+
+	providerConfig "github.com/kubefirst/kubefirst-api/pkg/providerConfigs"
+	pkgtypes "github.com/kubefirst/kubefirst-api/pkg/types"
+	"github.com/rs/zerolog/log"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+)
+
+func BootstrapAkamaiMgmtCluster(clientset *kubernetes.Clientset, cl *pkgtypes.Cluster, destinationGitopsRepoURL string) error {
+
+	err := providerConfig.BootstrapMgmtCluster(
+		clientset,
+		cl.GitProvider,
+		cl.GitAuth.User,
+		destinationGitopsRepoURL,
+		cl.GitProtocol,
+		cl.CloudflareAuth.APIToken,
+		cl.AkamaiAuth.Token,
+		cl.DnsProvider,
+		cl.CloudProvider,
+		cl.GitAuth.Token,
+		cl.GitAuth.PrivateKey,
+	)
+	if err != nil {
+		log.Fatal().Msgf("error in central function to create secrets: %s", err)
+		return err
+	}
+
+	var externalDnsToken string
+	switch cl.DnsProvider {
+	case "akamai":
+		externalDnsToken = cl.AkamaiAuth.Token
+	case "civo":
+		externalDnsToken = cl.CivoAuth.Token
+	case "vultr":
+		externalDnsToken = cl.VultrAuth.Token
+	case "digitalocean":
+		externalDnsToken = cl.DigitaloceanAuth.Token
+	case "aws":
+		externalDnsToken = "implement with cluster management"
+	case "google":
+		externalDnsToken = "implement with cluster management"
+	case "cloudflare":
+		externalDnsToken = cl.CloudflareAuth.APIToken
+	}
+
+	// Create secrets
+	createSecrets := []*v1.Secret{
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "argo"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "atlantis"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "chartmuseum"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "external-dns-secrets", Namespace: "external-dns"},
+			Data: map[string][]byte{
+				"token": []byte(externalDnsToken),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "kubefirst"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "cloudflare-creds", Namespace: "vault"},
+			Data: map[string][]byte{
+				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "kubefirst-state", Namespace: "kubefirst"},
+			Data: map[string][]byte{
+				"console-tour": []byte("false"),
+			},
+		},
+	}
+	for _, secret := range createSecrets {
+		_, err := clientset.CoreV1().Secrets(secret.ObjectMeta.Namespace).Get(context.TODO(), secret.ObjectMeta.Name, metav1.GetOptions{})
+		if err == nil {
+			log.Info().Msgf("kubernetes secret %s/%s already created - skipping", secret.Namespace, secret.Name)
+		} else if strings.Contains(err.Error(), "not found") {
+			_, err = clientset.CoreV1().Secrets(secret.ObjectMeta.Namespace).Create(context.TODO(), secret, metav1.CreateOptions{})
+			if err != nil {
+				log.Fatal().Msgf("error creating kubernetes secret %s/%s: %s", secret.Namespace, secret.Name, err)
+			}
+			log.Info().Msgf("created kubernetes secret: %s/%s", secret.Namespace, secret.Name)
+		}
+	}
+
+	return nil
+}
diff --git a/go.mod b/go.mod
@@ -18,10 +18,10 @@ require (
 	github.com/caarlos0/env/v10 v10.0.0
 	github.com/charmbracelet/bubbles v0.15.0
 	github.com/charmbracelet/bubbletea v0.23.2
-	github.com/charmbracelet/lipgloss v0.8.0
+	github.com/charmbracelet/lipgloss v0.9.1
+	github.com/charmbracelet/log v0.3.1
 	github.com/civo/civogo v0.3.53
 	github.com/cloudflare/cloudflare-go v0.73.0
-	github.com/denisbrodbeck/machineid v1.0.1
 	github.com/gin-contrib/cors v1.4.0
 	github.com/gin-gonic/gin v1.8.2
 	github.com/go-git/go-git/v5 v5.6.1
@@ -30,18 +30,20 @@ require (
 	github.com/joho/godotenv v1.5.1
 	github.com/kubefirst/metrics-client v0.3.0
 	github.com/kubefirst/runtime v0.4.1
+	github.com/linode/linodego v1.29.0
+	github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a
 	github.com/minio/minio-go/v7 v7.0.49
 	github.com/nxadm/tail v1.4.8
 	github.com/otiai10/copy v1.7.0
 	github.com/rs/zerolog v1.29.1
-	github.com/segmentio/analytics-go v3.1.0+incompatible
+	github.com/sirupsen/logrus v1.9.0
 	github.com/swaggo/files v1.0.0
 	github.com/swaggo/gin-swagger v1.5.3
 	github.com/swaggo/swag v1.16.1
 	github.com/thanhpk/randstr v1.0.6
 	go.mongodb.org/mongo-driver v1.10.3
 	golang.org/x/oauth2 v0.8.0
-	golang.org/x/text v0.12.0
+	golang.org/x/text v0.14.0
 	google.golang.org/api v0.126.0
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.27.1
@@ -52,7 +54,9 @@ require (
 
 require (
 	github.com/aws/aws-sdk-go-v2/service/ec2 v1.91.0 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/go-logfmt/logfmt v0.6.0 // indirect
+	github.com/go-resty/resty/v2 v2.11.0 // indirect
+	github.com/segmentio/analytics-go v3.1.0+incompatible // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 )
 
@@ -101,7 +105,6 @@ require (
 	github.com/bombsimon/logrusr/v2 v2.0.1 // indirect
 	github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 // indirect
 	github.com/caarlos0/env/v6 v6.10.1 // indirect
-	github.com/caarlos0/sshmarshal v0.1.0 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v0.1.0 // indirect
@@ -145,7 +148,7 @@ require (
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-github/v45 v45.2.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
@@ -185,7 +188,7 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.18 // indirect
 	github.com/mattn/go-localereader v0.0.1 // indirect
-	github.com/mattn/go-runewidth v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/miekg/dns v1.1.40 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
@@ -227,7 +230,7 @@ require (
 	github.com/spf13/cobra v1.7.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.15.0 // indirect
+	github.com/spf13/viper v1.15.0
 	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/ugorji/go/codec v1.2.8 // indirect
 	github.com/vmihailenco/go-tinylfu v0.2.1 // indirect
@@ -244,15 +247,15 @@ require (
 	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	golang.org/x/crypto v0.12.0 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.14.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.11.0 // indirect
-	golang.org/x/term v0.11.0 // indirect
+	golang.org/x/crypto v0.20.0
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
+	golang.org/x/mod v0.13.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.17.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.12.0 // indirect
+	golang.org/x/tools v0.14.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect