janek
/
dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

config/shell/server/stack: allow subcommand binaries

This commit is contained in:
xeruf 2022-06-30 10:54:03 +01:00
parent 3155792de7
commit f4fcab3d17
2 changed files with 123 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
.config/shell/server
View File

@ -3,14 +3,21 @@ _stackspin_cluster_cache=/var/tmp/stackspin-cluster
# Stackspin CLI Wrapper # Stackspin CLI Wrapper
# Initialize once with "stack select example.org", # Initialize once with "stack select example.org",
# then it loads the last selected one on startup. # then it loads the last selected cluster on startup.
# Presumes a mapping like the following in your ssh config: # Presumes a mapping like the following in your ssh config:
# Host example.org # Host example.org
# Hostname [IP] # Hostname [IP]
stack() { stack() {
case "$1" in test $# -lt 1 &&
builtin cd "$STACKSPIN" &&
echo "Usage: $0 <COMMAND> [args...]" &&
echo "Inbuilt commands: select, sso, user, exec, pod, occ" &&
return 1
local command="$1"
shift
case "$command" in
# stackspin administration # stackspin administration
(select) shift (select)
export _cluster_name="$1" export _cluster_name="$1"
export _cluster_ip="$(ssh -G "$_cluster_name" | grep --max-count 1 "^hostname " | cut -d " " -f2-)" export _cluster_ip="$(ssh -G "$_cluster_name" | grep --max-count 1 "^hostname " | cut -d " " -f2-)"
export CLUSTER_DIR="$STACKSPIN/clusters/$_cluster_name" export CLUSTER_DIR="$STACKSPIN/clusters/$_cluster_name"
@ -21,29 +28,35 @@ stack() {
echo "$_cluster_name" >"$_stackspin_cluster_cache" echo "$_cluster_name" >"$_stackspin_cluster_cache"
builtin cd "$STACKSPIN" builtin cd "$STACKSPIN"
;; ;;
(sso) shift (sso) builtin cd "$STACKSPIN"
builtin cd "$STACKSPIN"
"$0" exec single-sign-on-login -- flask "$@";; "$0" exec single-sign-on-login -- flask "$@";;
(user) (user)
if test "$2" = "init" if test "$1" = "init"
then mail="$3" then mail="$2"
shift 3 shift 2
stack user create "$mail" stack user create "$mail"
stack user update "$mail" name "$*" stack user update "$mail" name "$*"
echo "Initialized user '$*' with email '$mail'" echo "Initialized user '$*' with email '$mail'"
else "$0" exec single-sign-on-login -- flask "$@" else "$0" exec single-sign-on-login -- flask "$command" "$@"
fi;; fi;;
# app clis via kubectl # app clis via kubectl
(occ) "$0" exec nc-nextcloud -it -- su www-data -s /bin/bash -c "php $*";; (occ) "$0" exec nc-nextcloud -it -- su www-data -s /bin/bash -c "php $command $*";;
(exec) shift (exec) kubectl exec -n $("$0" pod "$1-[0-9]") "${@:2}";;
kubectl exec -n $("$0" pod "$1-[0-9]") "${@:2}";; (pod)
(pod) shift local podname=$1
kubectl get pods --all-namespaces --field-selector="status.phase=Running" -o=custom-columns=S:.metadata.namespace,N:.metadata.name --no-headers "${@:2}" | grep --color=never "$1";; shift
kubectl get pods --all-namespaces --field-selector="status.phase=Running" -o=custom-columns=S:.metadata.namespace,N:.metadata.name --no-headers "$@" | grep --color=never "$podname";;
# stackspin bare # stackspin bare
(*) builtin cd "$STACKSPIN" (*) if which "$0-$command" >/dev/null 2>&1
if test $# -gt 1 -a "$1" = install then "$0-$command" "$@"
then shift && "./install/install-$1.sh" || ./install/install-app.sh "$@" return $?
else python3 -m stackspin "$_cluster_name" "$@" fi
builtin cd "$STACKSPIN"
# Since the install command can also be given bare to install stackspin itself
if test $# -gt 0 -a "$command" = install
then "./install/install-$1.sh" || ./install/install-app.sh "$@"
else python3 -m stackspin "$_cluster_name" "$command" "$@"
# pip3 install -r requirements.txt
fi;; fi;;
esac esac
} }

92
.local/bin/scripts/stack-template Executable file
View File

@ -0,0 +1,92 @@
#!/bin/sh -e
test $# -lt 1 &&
echo "Usage: $0 <app> [subdomain] [repo] [namespace]" &&
exit 1
app=$1
subdomain=${2:-$app}
repo=${3:-$app}
namespace=${4:-stackspout}
cat <<EOF >$app-oauth-client.yaml
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
name: $app-oauth-client
# Has to live in the same namespace as the stackspin-$app-oauth-variables secret
namespace: flux-system
spec:
# TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
grantTypes:
- authorization_code
- refresh_token
- client_credentials
- implicit
responseTypes:
- id_token
- code
scope: "openid profile email stackspin_roles"
secretName: stackspin-$app-oauth-variables
#redirectUris:
# - https://$subdomain.\${domain}/oauth/openid/
#tokenEndpointAuthMethod: client_secret_post
EOF
cat <<EOF >$app-release.yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: $app
namespace: $namespace
spec:
releaseName: $app
chart:
spec:
chart: $app
version: # TODO
sourceRef:
kind: HelmRepository
name: $repo
namespace: flux-system
interval: 5m
valuesFrom:
- kind: ConfigMap
name: stackspin-$app-values
optional: false
# Allow overriding values by ConfigMap or Secret
- kind: ConfigMap
name: stackspin-$app-override
optional: true
- kind: Secret
name: stackspin-$app-override
optional: true
EOF
cat <<EOF >$app-values-configmap.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
name: stackspin-$app-values
namespace: $namespace
data:
values.yaml: |
# TODO verify structure matches chart
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
hosts:
- host: "$subdomain.\${domain}"
paths:
- path: /
pathType: Prefix
tls:
- secretName: $app-tls
hosts:
- "$subdomain.\${domain}"
# TODO Adjust OIDC SSO to service
# - name: Stackspin
# key: "\${client_id}"
# secret: "\${client_secret}"
# autoDiscoverUrl: 'https://sso.\${domain}/.well-known/openid-configuration'
EOF