feat: Cloudflare for everyone and optional ecr (#1703)

* feat: Cloudflare for everyone and optional ecr

* fix: civo creds

* fix: reference tokens from config

* fix: aws bootstrapping

* fix:ecr terraform var

* fix: put ecr flag/var in the right terraform bock

* chore: bump rutime version

---------

Co-authored-by: Claywd <[email protected]>
Co-authored-by: Frédéric Harper <[email protected]>

cmd/aws/command.go

@@ -19,6 +19,7 @@ var (
 	cloudRegionFlag          string
 	clusterNameFlag          string
 	clusterTypeFlag          string
+	dnsProviderFlag          string
 	githubOrgFlag            string
 	gitlabGroupFlag          string
 	gitProviderFlag          string
@@ -34,10 +35,9 @@ var (
 	copyKbotPasswordToClipboardFlag   bool
 	copyVaultPasswordToClipboardFlag  bool
 
-	// Supported git providers
-	supportedGitProviders = []string{"github", "gitlab"}
-
-	// Supported git providers
+	// Supported argument arrays
+	supportedDNSProviders        = []string{"aws", "cloudflare"}
+	supportedGitProviders        = []string{"github", "gitlab"}
 	supportedGitProtocolOverride = []string{"https", "ssh"}
 )
 
@@ -69,7 +69,8 @@ func Create() *cobra.Command {
 	createCmd.Flags().StringVar(&cloudRegionFlag, "cloud-region", "us-east-1", "the aws region to provision infrastructure in")
 	createCmd.Flags().StringVar(&clusterNameFlag, "cluster-name", "kubefirst", "the name of the cluster to create")
 	createCmd.Flags().StringVar(&clusterTypeFlag, "cluster-type", "mgmt", "the type of cluster to create (i.e. mgmt|workload)")
-	createCmd.Flags().StringVar(&domainNameFlag, "domain-name", "", "the Route53 hosted zone name to use for DNS records (i.e. your-domain.com|subdomain.your-domain.com) (required)")
+	createCmd.Flags().StringVar(&dnsProviderFlag, "dns-provider", "aws", fmt.Sprintf("the dns provider - one of: %s", supportedDNSProviders))
+	createCmd.Flags().StringVar(&domainNameFlag, "domain-name", "", "the Route53/Cloudflare hosted zone name to use for DNS records (i.e. your-domain.com|subdomain.your-domain.com) (required)")
 	createCmd.MarkFlagRequired("domain-name")
 	createCmd.Flags().StringVar(&gitProviderFlag, "git-provider", "github", fmt.Sprintf("the git provider - one of: %s", supportedGitProviders))
 	createCmd.Flags().StringVar(&gitProtocolFlag, "git-protocol", "ssh", fmt.Sprintf("the git protocol - one of: %s", supportedGitProtocolOverride))

cmd/aws/destroy.go

@@ -77,7 +77,14 @@ func destroyAws(cmd *cobra.Command, args []string) error {
 	}
 
 	// Instantiate aws config
-	config := providerConfigs.GetConfig(clusterName, domainName, gitProvider, cGitOwner, gitProtocol)
+	config := providerConfigs.GetConfig(
+		clusterName,
+		domainName,
+		gitProvider,
+		cGitOwner,
+		gitProtocol,
+		os.Getenv("CF_API_TOKEN"),
+	)
 
 	if len(cGitToken) == 0 {
 		return fmt.Errorf(

cmd/civo/backup.go

@@ -36,7 +36,14 @@ func backupCivoSSL(cmd *cobra.Command, args []string) error {
 		log.Panic().Msgf("invalid git provider option")
 	}
 
-	config := providerConfigs.GetConfig(clusterName, domainName, gitProvider, cGitOwner, gitProtocol)
+	config := providerConfigs.GetConfig(
+		clusterName,
+		domainName,
+		gitProvider,
+		cGitOwner,
+		gitProtocol,
+		os.Getenv("CF_API_TOKEN"),
+	)
 
 	if _, err := os.Stat(config.SSLBackupDir + "/certificates"); os.IsNotExist(err) {
 		// path/to/whatever does not exist

cmd/civo/create.go

@@ -269,7 +269,14 @@ func createCivo(cmd *cobra.Command, args []string) error {
 	}
 
 	// Instantiate config
-	config := providerConfigs.GetConfig(clusterNameFlag, domainNameFlag, gitProviderFlag, cGitOwner, gitProtocolFlag)
+	config := providerConfigs.GetConfig(
+		clusterNameFlag,
+		domainNameFlag,
+		gitProviderFlag,
+		cGitOwner,
+		gitProtocolFlag,
+		os.Getenv("CF_API_TOKEN"),
+	)
 	config.CivoToken = os.Getenv("CIVO_TOKEN")
 	switch gitProviderFlag {
 	case "github":
@@ -382,6 +389,8 @@ func createCivo(cmd *cobra.Command, args []string) error {
 	viper.Set(fmt.Sprintf("%s.atlantis.webhook.url", config.GitProvider), fmt.Sprintf("https://atlantis.%s/events", domainNameFlag))
 	viper.WriteConfig()
 
+	config.GitOpsDirectoryValues = &gitopsDirectoryTokens
+
 	// Segment Client
 	segmentClient := &segment.SegmentClient{
 		CliVersion:        configs.K1Version,
@@ -686,6 +695,8 @@ func createCivo(cmd *cobra.Command, args []string) error {
 		MetaphorProductionIngressURL:  fmt.Sprintf("metaphor-production.%s", domainNameFlag),
 	}
 
+	config.MetaphorDirectoryValues = &metaphorDirectoryTokens
+
 	progressPrinter.AddTracker("cloning-and-formatting-git-repositories", "Cloning and formatting git repositories", 1)
 	progressPrinter.SetupProgress(progressPrinter.TotalOfTrackers(), false)
 	if !viper.GetBool("kubefirst-checks.gitops-ready-to-push") {

cmd/civo/destroy.go

@@ -69,7 +69,14 @@ func destroyCivo(cmd *cobra.Command, args []string) error {
 	}
 
 	// Instantiate civo config
-	config := providerConfigs.GetConfig(clusterName, domainName, gitProvider, cGitOwner, gitProtocol)
+	config := providerConfigs.GetConfig(
+		clusterName,
+		domainName,
+		gitProvider,
+		cGitOwner,
+		gitProtocol,
+		os.Getenv("CF_API_TOKEN"),
+	)
 	config.CivoToken = os.Getenv("CIVO_TOKEN")
 	switch gitProvider {
 	case "github":

cmd/civo/root-credentials.go

@@ -8,6 +8,7 @@ package civo
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/kubefirst/runtime/pkg/civo"
 	"github.com/kubefirst/runtime/pkg/credentials"
@@ -55,7 +56,14 @@ func getCivoRootCredentials(cmd *cobra.Command, args []string) error {
 	}
 
 	// Instantiate kubernetes client
-	config := providerConfigs.GetConfig(clusterName, domainName, gitProvider, gitOwner, gitProtocol)
+	config := providerConfigs.GetConfig(
+		clusterName,
+		domainName,
+		gitProvider,
+		gitOwner,
+		gitProtocol,
+		os.Getenv("CF_API_TOKEN"),
+	)
 
 	kcfg := k8s.CreateKubeConfig(false, config.Kubeconfig)
 

cmd/digitalocean/create.go

@@ -264,7 +264,14 @@ func createDigitalocean(cmd *cobra.Command, args []string) error {
 	}
 
 	// Instantiate config
-	config := providerConfigs.GetConfig(clusterNameFlag, domainNameFlag, gitProviderFlag, cGitOwner, gitProtocolFlag)
+	config := providerConfigs.GetConfig(
+		clusterNameFlag,
+		domainNameFlag,
+		gitProviderFlag,
+		cGitOwner,
+		gitProtocolFlag,
+		os.Getenv("CF_API_TOKEN"),
+	)
 	config.DigitaloceanToken = os.Getenv("DO_TOKEN")
 	switch gitProviderFlag {
 	case "github":
@@ -497,45 +504,12 @@ func createDigitalocean(cmd *cobra.Command, args []string) error {
 
 				return fmt.Errorf(msg)
 			}
-			viper.Set("kubefirst-checks.domain-liveness", true)
-			viper.WriteConfig()
-			telemetryShim.Transmit(useTelemetryFlag, segmentClient, segment.MetricDomainLivenessCompleted, "")
-			progressPrinter.IncrementTracker("preflight-checks", 1)
+
 		case "cloudflare":
 			// Implement a Cloudflare check at some point
 			log.Info().Msg("domain check already complete - continuing")
 			progressPrinter.IncrementTracker("preflight-checks", 1)
 		}
-
-		// verify dns
-		err := dns.VerifyProviderDNS(digitalocean.CloudProvider, cloudRegionFlag, domainNameFlag, nil)
-		if err != nil {
-			return err
-		}
-
-		// domain id
-		domainId, err := digitaloceanConf.GetDNSInfo(domainNameFlag)
-		if err != nil {
-			log.Info().Msg(err.Error())
-		}
-
-		// viper values set in above function
-		log.Info().Msgf("domainId: %s", domainId)
-		// domainLiveness := digitaloceanConf.TestDomainLiveness(domainNameFlag)
-		// if !domainLiveness {
-		// 	telemetryShim.Transmit(useTelemetryFlag, segmentClient, segment.MetricDomainLivenessFailed, "domain liveness test failed")
-		// 	msg := "failed to check the liveness of the Domain. A valid public Domain on the same digitalocean " +
-		// 		"account as the one where Kubefirst will be installed is required for this operation to " +
-		// 		"complete.\nTroubleshoot Steps:\n\n - Make sure you are using the correct digitalocean account and " +
-		// 		"region.\n - Verify that you have the necessary permissions to access the domain.\n - Check " +
-		// 		"that the domain is correctly configured and is a public domain\n - Check if the " +
-		// 		"domain exists and has the correct name and domain.\n - If you don't have a Domain," +
-		// 		"please follow these instructions to create one: " +
-		// 		"https://docs.digitalocean.com/products/networking/dns/how-to/ \n\n" +
-		// 		"if you are still facing issues please reach out to support team for further assistance"
-
-		// 	return fmt.Errorf(msg)
-		// }
 		viper.Set("kubefirst-checks.domain-liveness", true)
 		viper.WriteConfig()
 		telemetryShim.Transmit(useTelemetryFlag, segmentClient, segment.MetricDomainLivenessCompleted, "")
@@ -701,6 +675,8 @@ func createDigitalocean(cmd *cobra.Command, args []string) error {
 		MetaphorProductionIngressURL:  fmt.Sprintf("metaphor-production.%s", domainNameFlag),
 	}
 
+	config.GitOpsDirectoryValues = &gitopsDirectoryTokens
+	config.MetaphorDirectoryValues = &metaphorDirectoryTokens
 	//* git clone and detokenize the gitops repository
 	// todo improve this logic for removing `kubefirst clean`
 	// if !viper.GetBool("template-repo.gitops.cloned") || viper.GetBool("template-repo.gitops.removed") {

cmd/digitalocean/destroy.go

@@ -64,7 +64,14 @@ func destroyDigitalocean(cmd *cobra.Command, args []string) error {
 	}
 
 	// Instantiate digitalocean config
-	config := providerConfigs.GetConfig(clusterName, domainName, gitProvider, cGitOwner, gitProtocol)
+	config := providerConfigs.GetConfig(
+		clusterName,
+		domainName,
+		gitProvider,
+		cGitOwner,
+		gitProtocol,
+		os.Getenv("CF_API_TOKEN"),
+	)
 	config.DigitaloceanToken = os.Getenv("DO_TOKEN")
 	switch gitProvider {
 	case "github":

cmd/digitalocean/root-credentials.go

@@ -8,6 +8,7 @@ package digitalocean
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/kubefirst/runtime/pkg/credentials"
 	"github.com/kubefirst/runtime/pkg/digitalocean"
@@ -55,7 +56,14 @@ func getDigitaloceanRootCredentials(cmd *cobra.Command, args []string) error {
 	}
 
 	// Instantiate kubernetes client
-	config := providerConfigs.GetConfig(clusterName, domainName, gitProvider, gitOwner, gitProtocol)
+	config := providerConfigs.GetConfig(
+		clusterName,
+		domainName,
+		gitProvider,
+		gitOwner,
+		gitProtocol,
+		os.Getenv("CF_API_TOKEN"),
+	)
 
 	kcfg := k8s.CreateKubeConfig(false, config.Kubeconfig)
 

cmd/gcp/command.go

@@ -14,12 +14,12 @@ import (
 
 var (
 	// Create
-	alertsEmailFlag string
-	ciFlag          bool
-	cloudRegionFlag string
-	clusterNameFlag string
-	clusterTypeFlag string
-	// dnsProviderFlag          string
+	alertsEmailFlag          string
+	ciFlag                   bool
+	cloudRegionFlag          string
+	clusterNameFlag          string
+	clusterTypeFlag          string
+	dnsProviderFlag          string
 	domainNameFlag           string
 	gcpProjectFlag           string
 	githubOrgFlag            string
@@ -74,7 +74,7 @@ func Create() *cobra.Command {
 	createCmd.Flags().StringVar(&cloudRegionFlag, "cloud-region", "us-east1", "the GCP region to provision infrastructure in")
 	createCmd.Flags().StringVar(&clusterNameFlag, "cluster-name", "kubefirst", "the name of the cluster to create")
 	createCmd.Flags().StringVar(&clusterTypeFlag, "cluster-type", "mgmt", "the type of cluster to create (i.e. mgmt|workload)")
-	// createCmd.Flags().StringVar(&dnsProviderFlag, "dns-provider", "gcp", fmt.Sprintf("the dns provider - one of: %s", supportedDNSProviders))
+	createCmd.Flags().StringVar(&dnsProviderFlag, "dns-provider", "gcp", fmt.Sprintf("the dns provider - one of: %s", supportedDNSProviders))
 	createCmd.Flags().StringVar(&domainNameFlag, "domain-name", "", "the GCP DNS Name to use for DNS records (i.e. your-domain.com|subdomain.your-domain.com) (required)")
 	createCmd.MarkFlagRequired("domain-name")
 	createCmd.Flags().StringVar(&gcpProjectFlag, "gcp-project", "", "gcp project id (required)")