# Build-script parameters (Invoke-Build). All are optional: the `bootstrap` task
# prompts for any of the first three that are left empty.
param (
    # Platform admin username written into the Keycloak admin patch by `bootstrap`.
    [string]$username,
    # Platform admin password; `bootstrap` rejects a few shell-significant characters.
    [string]$password,
    # Platform admin email written into the Keycloak auth patch by `bootstrap`.
    [string]$email,
    # Extra host labels appended to the hosts-file snippet printed by `local_dns`.
    [string[]]$additionalHostNames
)
# DNS suffix shared by every platform hostname (kc.<suffix>, argocd.<suffix>, ...).
$dnsname = "platform.local"
# Composite task: generate the dev root CA, copy the public cert for argocd, then
# add it to the local trust store.
task 0_cert_up cert_create, cert_copy, cert_import
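task cert_create {
    # Only generate once: re-running would silently roll the root of trust that
    # cert_import has already anchored on this machine.
    if (-not (Get-Item 0_certs/root-ca -ErrorAction SilentlyContinue)) {
        Write-Debug 'creating cert dir'
        # create a git ignored directory to store the root CA certificate and private key
        New-Item -ItemType Directory -Path 0_certs/root-ca | Out-Null

        Write-Debug 'creating new certs'
        # create a new private key for the root CA. It is written with the process's
        # default file permissions; keep the directory git-ignored and the key local —
        # TODO confirm 0_certs is listed in .gitignore.
        openssl genrsa -out ./0_certs/root-ca/root-ca-key.pem 2048 | Out-Null
        # stdout is discarded above, so check the exit code explicitly instead of
        # carrying on and producing a certificate from a missing/partial key.
        if ($LASTEXITCODE -ne 0) {
            throw "openssl genrsa failed with exit code $LASTEXITCODE"
        }

        # create a self-signed root CA certificate (10 years, SHA-256) using the private key
        openssl req -x509 -new -nodes -key ./0_certs/root-ca/root-ca-key.pem -days 3650 -sha256 -out ./0_certs/root-ca/root-ca.pem -subj "/CN=kube-ca" | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "openssl req failed with exit code $LASTEXITCODE"
        }
    }
}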
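task cert_copy {
    if (Get-Item 0_certs/root-ca -ErrorAction SilentlyContinue) {
        # Copy the cert over to argocd app so that its kustomize can reference it for oidc.
        # Only the public certificate is copied; the private key stays in 0_certs.
        # Out-Null keeps the DirectoryInfo that -Force emits out of the task output,
        # matching cert_create.
        New-Item -ItemType Directory -Path 2_platform/argocd/secrets -Force | Out-Null
        Copy-Item 0_certs/root-ca/root-ca.pem ./2_platform/argocd/secrets/root-ca.pem
    }
}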
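task cert_import {
    # Trust the dev root CA. Anything signed with 0_certs/root-ca/root-ca-key.pem is
    # then accepted by this user's browsers and tools, so the key must stay local and
    # git-ignored; remove the anchor again when the platform is retired.
    # $IsWindows is only defined on PowerShell 6+; fall back to the OS env var so
    # Windows PowerShell 5.1 does not fall through to the Linux branch.
    if ($IsWindows -or $env:OS -eq 'Windows_NT') {
        # Imported into the *current user's* Root store (not LocalMachine): no
        # elevation needed and other accounts on the host are unaffected.
        Import-Certificate -FilePath 0_certs/root-ca/root-ca.pem -CertStoreLocation cert:\CurrentUser\Root
    }
    else {
        # p11-kit 'trust anchor' plus update-ca-trust assumes a Fedora/RHEL-style
        # trust store — TODO confirm for Debian/Ubuntu hosts.
        sudo trust anchor 0_certs/root-ca/root-ca.pem
        sudo update-ca-trust
    }
}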
task 1_cluster_up {
    # Create the kind cluster described by the checked-in config file.
    $clusterConfig = '1_cluster/kind/cluster.yaml'
    & kind create cluster --config $clusterConfig
}
task 1_cluster_down {
    # Tear down the kind cluster by name.
    $clusterName = 'ds-ref-cluster'
    & kind delete cluster -n $clusterName
}
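task 2_platform_up {
    # Run tilt from the platform directory. The finally block restores the
    # location even if tilt fails to start, so later tasks do not run from the
    # wrong working directory.
    Push-Location 2_platform
    try {
        tilt up
    }
    finally {
        Pop-Location
    }
}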
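task 2_platform_down {
    # Stop tilt for the platform directory; Pop-Location is guaranteed by the
    # finally block so a failing tilt cannot leave the shell in 2_platform.
    Push-Location 2_platform
    try {
        tilt down
    }
    finally {
        Pop-Location
    }
}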
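task 3_gitops_up {
    # Run tilt from the gitops directory. The finally block restores the
    # location even if tilt fails to start, so later tasks do not run from the
    # wrong working directory.
    Push-Location 3_gitops
    try {
        tilt up
    }
    finally {
        Pop-Location
    }
}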
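task 3_gitops_down {
    # Stop tilt for the gitops directory; Pop-Location is guaranteed by the
    # finally block so a failing tilt cannot leave the shell in 3_gitops.
    Push-Location 3_gitops
    try {
        tilt down
    }
    finally {
        Pop-Location
    }
}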
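task local_dns {
    # Print a hosts-file block mapping every platform hostname to loopback, then
    # open the hosts file so the user can paste it in. Nothing is written here.
    # $IsWindows is only defined on PowerShell 6+; fall back to the OS env var so
    # Windows PowerShell 5.1 picks the Windows path.
    if ($IsWindows -or $env:OS -eq 'Windows_NT') {
        $hostsfile = "c:\windows\system32\drivers\etc\hosts"
    }
    else {
        $hostsfile = "/etc/hosts"
    }
    Write-Host "copy and paste into your host files (need to save as admin)"

    # Build one record per line. The previous here-string concatenation had no
    # newline after the last built-in entry, so the first extra hostname (or the
    # closing banner) was glued onto the 'echo' line.
    $hostrecords = @('############################################')
    foreach ($label in @('kc', 'argocd', 'pg', 'echo')) {
        $hostrecords += "127.0.0.1 ${label}.${dnsname}"
    }
    # foreach over a $null parameter iterates zero times, so no guard is needed.
    foreach ($h in $additionalHostNames) {
        $hostrecords += "127.0.0.1 ${h}.${dnsname}"
    }
    $hostrecords += '############################################'
    ($hostrecords -join "`n") | Write-Host
    # Open the hosts file in VS Code for the user to paste the block above.
    code $hostsfile
}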
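task bootstrap {
    # JSON-patch fragments (YAML) with {0}/{1}/{2} placeholders filled by -f below.
    # Values are emitted unquoted, so a username/password/email that starts with
    # YAML syntax ('*', '&', '!', '#', ...) may yield an invalid patch —
    # TODO confirm whether the consuming kustomize step tolerates that.
    $kcadminpatchpattern = @"
- op: add
  path: /data/KEYCLOAK_ADMIN
  value: {0}
- op: add
  path: /data/KEYCLOAK_ADMIN_PASSWORD
  value: {1}
"@
    $kcauthpatchpattern = @"
- op: add
  path: /spec/template/spec/containers/0/env
  value:
  - name: KEYCLOAK_ADMIN
    value: {0}
  - name: KEYCLOAK_ADMIN_PASSWORD
    value: {1}
  - name: KEYCLOAK_ADMIN_EMAIL
    value: {2}
"@
    # Pick a username and a default password to use for the platform.
    # Each value falls back to an interactive prompt when the parameter was empty.
    if ($username -eq '') {
        $username = Read-Host -Prompt "Enter a username for the platform"
    }
    if ($password -eq '') {
        # -MaskInput hides the typed password; it requires PowerShell 7.1+ —
        # TODO confirm the minimum pwsh version this script targets.
        $password = Read-Host -Prompt "Enter a password for your platform user" -MaskInput
    }
    if ($email -eq '') {
        $email = Read-Host -Prompt "Enter an email for your platform user"
    }
    # Only the username is echoed; the password never reaches the console or log.
    Write-Output "Bootstrapping user $username"

    # Backtick, single quote, double quote and dollar are rejected because the
    # downstream curl command cannot escape them (see the thrown message).
    $stupidCharacters = '`''"$'
    if ($password -match "[$stupidCharacters]") {
        throw "Password cannot contain any of the following characters: $stupidCharacters (because I couldn't get the curl command to escape them :D)"
    }

    # The patches contain the admin credentials in clear text; they must not be
    # committed — TODO confirm both paths are covered by .gitignore. Note that '>'
    # writes UTF-16 on Windows PowerShell 5.1 and UTF-8 on pwsh 7.
    $kcadminpatchpattern -f $username, $password > 2_platform/keycloak/keycloak-admin-patch.yaml
    $kcauthpatchpattern -f $username, $password, $email > 2_platform/keycloak-auth-patch.yaml
}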
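task prereqs {
    # CLI tools the other tasks in this file shell out to.
    $reqs = @(
        "kubectl",
        "kind",
        "tilt",
        "openssl",
        "helm",
        "kustomize"
    )
    # $IsWindows is only defined on PowerShell 6+; fall back to the OS env var so
    # Windows PowerShell 5.1 also gets the scoop offer.
    $onWindows = $IsWindows -or $env:OS -eq 'Windows_NT'
    # Once the user declines scoop, keep reporting missing tools without
    # re-prompting. The original `break` stopped the whole check at that point,
    # so only the first missing tool was ever reported.
    $scoopDeclined = $false

    foreach ($req in $reqs) {
        if (Get-Command $req -ErrorAction SilentlyContinue) {
            Write-Host "$req found"
            continue
        }
        Write-Host "$req not found. Please install it and try again"
        if (-not $onWindows) {
            # todo: linux users need help here.
            continue
        }
        if ($scoopDeclined) {
            continue
        }
        if (-not (Get-Command scoop -ErrorAction SilentlyContinue)) {
            $installScoop = Read-Host -Prompt "Would you like to install scoop? (y/n)"
            if ($installScoop -ne "y") {
                $scoopDeclined = $true
                continue
            }
            # SECURITY: the next two lines relax the user's execution policy and run
            # whatever get.scoop.sh serves at that moment, unpinned and unverified.
            # Acceptable on a throwaway dev workstation; elsewhere download the
            # installer, review it, and run it from a file instead.
            Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
            Invoke-RestMethod -Uri https://get.scoop.sh | Invoke-Expression
            scoop bucket add tilt-dev https://github.com/tilt-dev/scoop-bucket
        }
        # NOTE(review): a freshly installed scoop may not be on PATH in this
        # session yet — confirm before relying on the install below.
        $installNowWithScoop = Read-Host -Prompt "Would you like to install $req with scoop now? (y/n)"
        if ($installNowWithScoop -eq "y") {
            scoop install $req
        }
    }
}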
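task changebranch {
    # Toggle the branch referenced in every gitops-*.yaml between 'main' and the
    # branch currently checked out; running it again switches back.
    $mainbranch = 'main'
    $currentBranch = git rev-parse --abbrev-ref HEAD
    # Outside a repo git fails and $currentBranch is empty; the pattern would then
    # degrade to ': ' and rewrite every mapping in the files.
    if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($currentBranch)) {
        throw 'changebranch: could not determine the current git branch'
    }
    # Branch names may contain regex metacharacters ('.', '+', '(' ...); escape
    # them so -replace matches the literal name rather than a pattern. In the
    # replacement string only '$' is special, so it is doubled.
    $mainPattern = ": $([regex]::Escape($mainbranch))"
    $currentPattern = ": $([regex]::Escape($currentBranch))"
    $currentReplacement = ": " + $currentBranch.Replace('$', '$$')

    $filesToChange = Get-ChildItem -Recurse -Filter 'gitops-*.yaml'
    foreach ($file in $filesToChange) {
        # Use the full path: the listing is recursive, so a bare file name would
        # be resolved against the current directory instead of its own folder.
        $content = Get-Content $file.FullName
        if ($content -match $mainPattern) {
            $content = $content -replace $mainPattern, $currentReplacement
        }
        else {
            $content = $content -replace $currentPattern, ": $mainbranch"
        }
        $content | Set-Content $file.FullName
    }
}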
# Short aliases for the tasks above.
task cb changebranch
task dns_local local_dns
# First-time setup: check tooling, collect admin credentials, create and trust the
# dev CA, then print the hosts-file block.
task init prereqs, bootstrap, 0_cert_up, local_dns
# Numeric shortcuts for each stage.
task 0 0_cert_up
task 1 1_cluster_up
task 2 2_platform_up
task 3 3_gitops_up
# Bring the cluster up and start the gitops tilt session (2_platform_up is not
# part of this composite); `down` only deletes the cluster.
task up 1_cluster_up, 3_gitops_up
task down 1_cluster_down