From e297f056035c1e5c692d878aaedc02946ecba6b3 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Petersen" Date: Tue, 29 Aug 2023 16:01:18 -0400 Subject: [PATCH] remove old unused scripts --- deploy_carvel/deploy_concierge.sh | 41 -------- deploy_carvel/deploy_supervisor.sh | 164 ++++++++++++++++++----------- 2 files changed, 101 insertions(+), 104 deletions(-) delete mode 100755 deploy_carvel/deploy_concierge.sh diff --git a/deploy_carvel/deploy_concierge.sh b/deploy_carvel/deploy_concierge.sh deleted file mode 100755 index 12d5cf9b..00000000 --- a/deploy_carvel/deploy_concierge.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - - -APP="pinn-conci" - -kapp deploy --app "${APP}" --diff-changes --file <(ytt \ - --file concierge/config/authentication.concierge.pinniped.dev_jwtauthenticators.yaml - --file concierge/config/authentication.concierge.pinniped.dev_webhookauthenticcators.yaml - --file concierge/config/config.concierge.pinniped.dev_credential_issuers.yaml - --file concierge/config/deployment-HACKED.yaml \ - --file concierge/config/helpers.lib.yaml \ - --file concierge/config/rbac.yaml \ - --file concierge/config/z0_crd_overlay.yaml \ - --file concierge/config/values.yaml \ - --data-value app_name=pinn-conci \ - --data-value namespace=pinn-conci \ - --data-value-yaml 'custom_labels={"foo": bar}' \ - --data-value replicas=3) - - -## template the thing -#RENDER_OUTPUT_FILE=$( -#ytt \ -# --file concierge/config/helpers.lib.yaml \ -# --file concierge/config/deployment.yaml \ -# --file concierge/config/service.yaml \ -# --file concierge/config/values.yaml \ -# --data-value app_name=pinn-super \ -# --data-value namespace=pinn-super \ -# --data-value-yaml 'custom_labels={"foo": bar}' \ -# --data-value replicas=3 -#) -# -## view it -#echo "$RENDER_OUTPUT_FILE" -# -## give it to kapp -#kapp deploy \ -# --app pinn-super \ -# --diff-changes \ -# --file <( "${RENDER_OUTPUT_FILE}" ) diff --git a/deploy_carvel/deploy_supervisor.sh b/deploy_carvel/deploy_supervisor.sh index fd3915e5..7aa13245 100755 --- a/deploy_carvel/deploy_supervisor.sh +++ b/deploy_carvel/deploy_supervisor.sh @@ -1,66 +1,104 @@ -#!/bin/bash +#!/usr/bin/env bash -# need to maintain this if used. -# but there must be a way to get ytt to read a directory of files. -#RENDERED_OUTPUT_FILES=$( -#ytt \ -# --file supervisor/config/helpers.lib.yaml \ -# --file supervisor/config/config.supervisor.pinniped.dev_federationdomains.yaml \ -# --file supervisor/config/config.supervisor.pinniped.dev_oidcclients.yaml \ -# --file supervisor/config/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml \ -# --file supervisor/config/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml \ -# --file supervisor/config/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml \ -# --file supervisor/config/z0_crd_overlay.yaml \ -# --file supervisor/config/rbac.yaml \ -# --file supervisor/config/service.yaml \ -# --file supervisor/config/deployment.yaml \ -# --file supervisor/config/values.yaml \ -# --data-value app_name=pinn-super \ -# --data-value namespace=pinn-super \ -# --data-value-yaml 'custom_labels={"foo": bar}' \ -# --data-value replicas=3 -#) -# -#echo "${RENDERED_OUTPUT_FILES}" - -APP="pinn-super" - -kapp deploy --app "${APP}" --diff-changes --file <(ytt \ - --file supervisor/config/helpers.lib.yaml \ - --file supervisor/config/config.supervisor.pinniped.dev_federationdomains.yaml \ - --file supervisor/config/config.supervisor.pinniped.dev_oidcclients.yaml \ - --file supervisor/config/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml \ - --file supervisor/config/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml \ - --file supervisor/config/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml \ - --file supervisor/config/z0_crd_overlay.yaml \ - --file supervisor/config/rbac.yaml \ - --file supervisor/config/service.yaml \ - --file supervisor/config/deployment-HACKED.yaml \ - --file supervisor/config/values.yaml \ - --data-value app_name=pinn-super \ - --data-value namespace=pinn-super \ - --data-value-yaml 'custom_labels={"foo": bar}' \ - --data-value replicas=3) +# https://gist.github.com/mohanpedala/1e2ff5661761d3abd0385e8223e16425 +set -e # immediately exit +set -u # error if variables undefined +set -o pipefail # prevent masking errors in a pipeline +# set -x # print all executed commands to terminal -## template the thing -#RENDER_OUTPUT_FILE=$( -#ytt \ -# --file supervisor/config/helpers.lib.yaml \ -# --file supervisor/config/deployment.yaml \ -# --file supervisor/config/service.yaml \ -# --file supervisor/config/values.yaml \ -# --data-value app_name=pinn-super \ -# --data-value namespace=pinn-super \ -# --data-value-yaml 'custom_labels={"foo": bar}' \ -# --data-value replicas=3 -#) -# -## view it -#echo "$RENDER_OUTPUT_FILE" -# -## give it to kapp -#kapp deploy \ -# --app pinn-super \ -# --diff-changes \ -# --file <( "${RENDER_OUTPUT_FILE}" ) +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +DEFAULT='\033[0m' + +echo_yellow() { + echo -e "${YELLOW}>> $@${DEFAULT}\n" + # printf "${GREEN}$@${DEFAULT}" +} + +echo_green() { + echo -e "${GREEN}>> $@${DEFAULT}\n" + # printf "${BLUE}$@${DEFAULT}" +} +echo_red() { + echo -e "${RED}>> $@${DEFAULT}\n" + # printf "${BLUE}$@${DEFAULT}" +} +echo_blue() { + echo -e "${BLUE}>> $@${DEFAULT}\n" + # printf "${BLUE}$@${DEFAULT}" +} + +# borrowed from /tmp/integration-test-env +# TODO: make new scripts work with the old script? +# or how to ensure we can install both +# - the old way, ytt or plain yamls +# - the new way, with the PackageRepository and Packages +# export PINNIPED_TEST_SUPERVISOR_NAMESPACE=supervisor +PINNIPED_TEST_SUPERVISOR_NAMESPACE=default +# export PINNIPED_TEST_PROXY=http://127.0.0.1:12346 +PINNIPED_TEST_PROXY=http://127.0.0.1:12346 + +# from here forward borrowed from ${repo_root}/hack/prepare-supervisor-on-kind.sh + +# NOPE! Not running this script, so we have to pull the env vars ourselves +# however, we can run it against another kind cluster and take a look at it to make sure +# we understand what the contents are +# Read the env vars output by hack/prepare-for-integration-tests.sh +# source /tmp/integration-test-env + +# Choose some filenames. +root_ca_crt_path=root_ca.crt +root_ca_key_path=root_ca.key +tls_crt_path=tls.crt +tls_key_path=tls.key + +# Choose an audience name for the Concierge. +audience="my-workload-cluster-$(openssl rand -hex 4)" + +# These settings align with how the Dex redirect URI is configured by hack/prepare-for-integration-tests.sh. +# Note that this hostname can only be resolved inside the cluster, so we will use a web proxy running inside +# the cluster whenever we want to be able to connect to it. +issuer_host="pinniped-supervisor-clusterip.supervisor.svc.cluster.local" +issuer="https://$issuer_host/some/path" + + +# Create a CA and TLS serving certificates for the Supervisor. +step certificate create \ + "Supervisor CA" "$root_ca_crt_path" "$root_ca_key_path" \ + --profile root-ca \ + --no-password --insecure --force +step certificate create \ + "$issuer_host" "$tls_crt_path" "$tls_key_path" \ + --profile leaf \ + --not-after 8760h \ + --ca "$root_ca_crt_path" --ca-key "$root_ca_key_path" \ + --no-password --insecure --force + +# Put the TLS certificate into a Secret for the Supervisor. +kubectl create secret tls -n "$PINNIPED_TEST_SUPERVISOR_NAMESPACE" my-federation-domain-tls --cert "$tls_crt_path" --key "$tls_key_path" \ + --dry-run=client --output yaml | kubectl apply -f - + + +# Make a FederationDomain using the TLS Secret from above. +cat <