From f4fcab3d17dfee4ee01af4cbc1433bcfc09ad0d3 Mon Sep 17 00:00:00 2001 From: xeruf <27jf@pm.me> Date: Thu, 30 Jun 2022 10:54:03 +0100 Subject: [PATCH] config/shell/server/stack: allow subcommand binaries --- .config/shell/server | 49 ++++++++++------ .local/bin/scripts/stack-template | 92 +++++++++++++++++++++++++++++++ 2 files changed, 123 insertions(+), 18 deletions(-) create mode 100755 .local/bin/scripts/stack-template diff --git a/.config/shell/server b/.config/shell/server index e2007bd..2c70bb8 100644 --- a/.config/shell/server +++ b/.config/shell/server @@ -3,14 +3,21 @@ _stackspin_cluster_cache=/var/tmp/stackspin-cluster # Stackspin CLI Wrapper # Initialize once with "stack select example.org", -# then it loads the last selected one on startup. +# then it loads the last selected cluster on startup. # Presumes a mapping like the following in your ssh config: # Host example.org # Hostname [IP] stack() { - case "$1" in + test $# -lt 1 && + builtin cd "$STACKSPIN" && + echo "Usage: $0 [args...]" && + echo "Inbuilt commands: select, sso, user, exec, pod, occ" && + return 1 + local command="$1" + shift + case "$command" in # stackspin administration - (select) shift + (select) export _cluster_name="$1" export _cluster_ip="$(ssh -G "$_cluster_name" | grep --max-count 1 "^hostname " | cut -d " " -f2-)" export CLUSTER_DIR="$STACKSPIN/clusters/$_cluster_name" 
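Review bot: The usage guard added at the top of `stack()` is a single `&&` chain that passes through `builtin cd "$STACKSPIN"`, so if that `cd` fails (for example because the directory does not exist) neither the usage text nor `return 1` is reached. The function then falls through to `local command="$1"` and `shift` with no arguments. Wrapping the guard as `if test $# -lt 1; then …; return 1; fi` makes the return unconditional. The `cd` also does not look necessary for printing usage, and it changes the caller's working directory as a side effect. The body of `stack()` continues beyond this hunk.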
@@ -21,29 +28,35 @@ stack() { echo "$_cluster_name" >"$_stackspin_cluster_cache" builtin cd "$STACKSPIN" ;; - (sso) shift - builtin cd "$STACKSPIN" + (sso) builtin cd "$STACKSPIN" "$0" exec single-sign-on-login -- flask "$@";; (user) - if test "$2" = "init" - then mail="$3" - shift 3 + if test "$1" = "init" + then mail="$2" + shift 2 stack user create "$mail" stack user update "$mail" name "$*" echo "Initialized user '$*' with email '$mail'" - else "$0" exec single-sign-on-login -- flask "$@" + else "$0" exec single-sign-on-login -- flask "$command" "$@" fi;; # app clis via kubectl - (occ) "$0" exec nc-nextcloud -it -- su www-data -s /bin/bash -c "php $*";; - (exec) shift - kubectl exec -n $("$0" pod "$1-[0-9]") "${@:2}";; - (pod) shift - kubectl get pods --all-namespaces --field-selector="status.phase=Running" -o=custom-columns=S:.metadata.namespace,N:.metadata.name --no-headers "${@:2}" | grep --color=never "$1";; + (occ) "$0" exec nc-nextcloud -it -- su www-data -s /bin/bash -c "php $command $*";; + (exec) kubectl exec -n $("$0" pod "$1-[0-9]") "${@:2}";; + (pod) + local podname=$1 + shift + kubectl get pods --all-namespaces --field-selector="status.phase=Running" -o=custom-columns=S:.metadata.namespace,N:.metadata.name --no-headers "$@" | grep --color=never "$podname";; # stackspin bare - (*) builtin cd "$STACKSPIN" - if test $# -gt 1 -a "$1" = install - then shift && "./install/install-$1.sh" || ./install/install-app.sh "$@" - else python3 -m stackspin "$_cluster_name" "$@" + (*) if which "$0-$command" >/dev/null 2>&1 + then "$0-$command" "$@" + return $? + fi + builtin cd "$STACKSPIN" + # Since the install command can also be given bare to install stackspin itself + if test $# -gt 0 -a "$command" = install + then "./install/install-$1.sh" || ./install/install-app.sh "$@" + else python3 -m stackspin "$_cluster_name" "$command" "$@" + # pip3 install -r requirements.txt fi;; esac } 
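Review bot: The new `(*)` branch runs whatever `which "$0-$command"` finds on PATH before the stackspin CLI is consulted, so an executable named `stack-install`, or `stack-` plus any stackspin subcommand, in any PATH directory silently takes over that subcommand. A comment on the branch such as `# external stack-<command> executables on PATH take precedence over stackspin's own subcommands` would make this a documented decision. If that precedence is not intended, the lookup could run only for names the stackspin CLI does not handle. `command -v "$0-$command"` is the more portable existence check, since the output and exit status of `which` differ between implementations.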
diff --git a/.local/bin/scripts/stack-template b/.local/bin/scripts/stack-template
new file mode 100755
index 0000000..335996e
--- /dev/null
+++ b/.local/bin/scripts/stack-template
@@ -0,0 +1,92 @@
+#!/bin/sh -e
+test $# -lt 1 &&
+ echo "Usage: $0 [subdomain] [repo] [namespace]" &&
+ exit 1
+app=$1
+subdomain=${2:-$app}
+repo=${3:-$app}
+namespace=${4:-stackspout}
+cat <$app-oauth-client.yaml
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+ name: $app-oauth-client
+ # Has to live in the same namespace as the stackspin-$app-oauth-variables secret
+ namespace: flux-system
+spec:
+ # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ - client_credentials
+ - implicit
+ responseTypes:
+ - id_token
+ - code
+ scope: "openid profile email stackspin_roles"
+ secretName: stackspin-$app-oauth-variables
+ #redirectUris:
+ # - https://$subdomain.\${domain}/oauth/openid/
+ #tokenEndpointAuthMethod: client_secret_post
+EOF
+
+cat <$app-release.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: $app
+ namespace: $namespace
+spec:
+ releaseName: $app
+ chart:
+ spec:
+ chart: $app
+ version: # TODO
+ sourceRef:
+ kind: HelmRepository
+ name: $repo
+ namespace: flux-system
+ interval: 5m
+ valuesFrom:
+ - kind: ConfigMap
+ name: stackspin-$app-values
+ optional: false
+ # Allow overriding values by ConfigMap or Secret
+ - kind: ConfigMap
+ name: stackspin-$app-override
+ optional: true
+ - kind: Secret
+ name: stackspin-$app-override
+ optional: true
+EOF
+
+cat <$app-values-configmap.yaml
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-$app-values
+ namespace: $namespace
+data:
+ values.yaml: |
+ # TODO verify structure matches chart
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: "$subdomain.\${domain}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: $app-tls
+ hosts:
+ - "$subdomain.\${domain}"
+ # TODO Adjust OIDC SSO to service
+ # - name: Stackspin
+ # key: "\${client_id}"
+ # secret: "\${client_secret}"
+ # autoDiscoverUrl: 
'https://sso.\${domain}/.well-known/openid-configuration'
+EOF
+
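Review bot: The generated OAuth2Client enables all four grant types for every app the template is run for, including `implicit` and `client_credentials`, and the `# TODO copied from wekan` comment suggests the list was not chosen per app. The implicit grant hands tokens back through the browser redirect and is discouraged in current OAuth guidance. For apps that only use the code flow, a safer template default would be `- authorization_code` and `- refresh_token`, with `responseTypes` reduced to `- code` and the other entries left as commented-out opt-ins, the way `#redirectUris` already is. Because `redirectUris` is commented out, each generated client presumably has to be edited by hand before use; a line like `# TODO set redirectUris for $app before applying` would make that step visible.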