-
Notifications
You must be signed in to change notification settings - Fork 5
/
installation-script
673 lines (592 loc) · 27.9 KB
/
installation-script
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
LTAG="main";
REPO_RAW_URL="https://raw.githubusercontent.com/devtron-labs/devtron-installation-script/";
operatorSecret = kubectl get secret -n devtroncd devtron-operator-secret;
operatorConfigMap = kubectl get cm -n devtroncd devtron-operator-cm;
postgresqlPassword = jsonSelect(operatorSecret, "data.POSTGRESQL_PASSWORD");
acdPassword = jsonSelect(operatorSecret, "data.ACD_PASSWORD");
webHookToken = jsonSelect(operatorSecret, "data.WEBHOOK_TOKEN");
grafanaPassword = jsonSelect(operatorSecret, "data.GRAFANA_PASSWORD");
azureAccountKey = jsonSelect(operatorSecret, "data.AZURE_ACCOUNT_KEY");
baseURLScheme = jsonSelect(operatorConfigMap, "data.BASE_URL_SCHEME");
baseURL = jsonSelect(operatorConfigMap, "data.BASE_URL");
dexConfig = jsonSelect(operatorConfigMap, "data.DEX_CONFIG");
defaultCDLogsBucketRegion = jsonSelect(operatorConfigMap, "data.DEFAULT_CD_LOGS_BUCKET_REGION");
defaultCacheBucket = jsonSelect(operatorConfigMap, "data.DEFAULT_CACHE_BUCKET");
defaultCacheBucketRegion = jsonSelect(operatorConfigMap, "data.DEFAULT_CACHE_BUCKET_REGION");
defaultBuildLogsBucket = jsonSelect(operatorConfigMap, "data.DEFAULT_BUILD_LOGS_BUCKET");
externalSecretAmazonRegion = jsonSelect(operatorConfigMap, "data.EXTERNAL_SECRET_AMAZON_REGION");
prometheusUrl = jsonSelect(operatorConfigMap, "data.PROMETHEUS_URL");
setupDevtronIngress = jsonSelect(operatorConfigMap, "data.ENABLE_INGRESS");
devtronIngressAnnotations = jsonSelect(operatorConfigMap, "data.INGRESS_ANNOTATIONS");
cloudProvider = jsonSelect(operatorConfigMap, "data.BLOB_STORAGE_PROVIDER");
azureAccountName = jsonSelect(operatorConfigMap, "data.AZURE_ACCOUNT_NAME");
azureBlobContainerCiLog = jsonSelect(operatorConfigMap, "data.AZURE_BLOB_CONTAINER_CI_LOG");
azureBlobContainerCiCache = jsonSelect(operatorConfigMap, "data.AZURE_BLOB_CONTAINER_CI_CACHE");
passwordGen = `#!/bin/bash
openssl rand -base64 20 | base64 | tr -d ':\n' | tr -d '=' | base64 | tr -d ':\n'`;
shebang = `#!/bin/bash
`;
sleep50 = shebang + `
sleep 50`;
base64EncoderPrefix = `#!/bin/bash
`;
base64EncoderSuffix = ` | base64 | tr -d ':\n'`;
base64DecoderPrefix = `#!/bin/bash
`;
base64DecoderSuffix = ` | base64 -d | tr -d ':\n'`;
if !postgresqlPassword {
postgresqlPassword = shellScript passwordGen;
}
if !baseURL {
log("baseURL is mandatory");
}
######Generating raw urls
argocd_raw = REPO_RAW_URL + LTAG + "/yamls/argocd.yaml";
clair_raw = REPO_RAW_URL + LTAG + "/yamls/clair.yaml";
clairConfig_raw = REPO_RAW_URL + LTAG + "/yamls/clair-config.yaml";
dashboard_raw = REPO_RAW_URL + LTAG + "/yamls/dashboard.yaml";
gitSensor_raw = REPO_RAW_URL + LTAG + "/yamls/gitsensor.yaml";
guard_raw = REPO_RAW_URL + LTAG + "/yamls/guard.yaml";
postgresql_raw = REPO_RAW_URL + LTAG + "/yamls/postgresql.yaml";
imageScanner_raw = REPO_RAW_URL + LTAG + "/yamls/image-scanner.yaml";
kubewatch_raw = REPO_RAW_URL + LTAG + "/yamls/kubewatch.yaml";
lens_raw = REPO_RAW_URL + LTAG + "/yamls/lens.yaml";
migrator_raw = REPO_RAW_URL + LTAG + "/yamls/migrator.yaml";
natsOperator_raw = REPO_RAW_URL + LTAG + "/yamls/nats-operator.yaml";
natsServer_raw = REPO_RAW_URL + LTAG + "/yamls/nats-server.yaml";
natsStreaming_raw = REPO_RAW_URL + LTAG + "/yamls/nats-streaming.yaml";
notifier_raw = REPO_RAW_URL + LTAG + "/yamls/notifier.yaml";
devtron_raw = REPO_RAW_URL + LTAG + "/yamls/devtron.yaml";
devtronDexIngress_raw = REPO_RAW_URL + LTAG + "/yamls/devtron-dex-ingress.yaml";
workflow_raw = REPO_RAW_URL + LTAG + "/yamls/workflow.yaml";
serviceAccount_raw = REPO_RAW_URL + LTAG + "/yamls/serviceaccount.yaml";
namespace_raw = REPO_RAW_URL + LTAG + "/yamls/namespace.yaml";
externalSecret_raw = REPO_RAW_URL + LTAG + "/yamls/external-secret.yaml";
grafana_raw = REPO_RAW_URL + LTAG + "/yamls/grafana.yaml";
rollout_raw = REPO_RAW_URL + LTAG + "/yamls/rollout.yaml";
minio_raw = REPO_RAW_URL + LTAG + "/yamls/minio.yaml";
minioStorage_raw = REPO_RAW_URL + LTAG + "/yamls/minio-storage.yaml";
######Downloading the manifests
argocd = download(argocd_raw);
clair = download(clair_raw);
clairConfig = download(clairConfig_raw);
dashboard = download(dashboard_raw);
gitSensor = download(gitSensor_raw);
guard = download(guard_raw);
postgresql = download(postgresql_raw);
imageScanner = download(imageScanner_raw);
kubewatch = download(kubewatch_raw);
lens = download(lens_raw);
migrator = download(migrator_raw);
natsOperator = download(natsOperator_raw);
natsServer = download(natsServer_raw);
natsStreaming = download(natsStreaming_raw);
notifier = download(notifier_raw);
devtron = download(devtron_raw);
devtronDexIngress = download(devtronDexIngress_raw);
workflow = download(workflow_raw);
serviceAccount = download(serviceAccount_raw);
namespace = download(namespace_raw);
externalSecret = download(externalSecret_raw);
grafana = download(grafana_raw);
rollout = download(rollout_raw);
minio = download(minio_raw);
minioStorage = download(minioStorage_raw);
######Downloading the manifests
argocdOverride = kubectl get cm -n devtroncd argocd-override-cm;
clairOverride = kubectl get cm -n devtroncd clair-override-cm;
clairConfigOverride = kubectl get cm -n devtroncd clair-config-override-cm;
dashboardOverride = kubectl get cm -n devtroncd dashboard-override-cm;
gitSensorOverride = kubectl get cm -n devtroncd git-sensor-override-cm;
guardOverride = kubectl get cm -n devtroncd guard-override-cm;
postgresqlOverride = kubectl get cm -n devtroncd postgresql-override-cm;
imageScannerOverride = kubectl get cm -n devtroncd image-scanner-override-cm;
kubewatchOverride = kubectl get cm -n devtroncd kubewatch-override-cm;
lensOverride = kubectl get cm -n devtroncd lens-override-cm;
migratorOverride = kubectl get cm -n devtroncd migrator-override-cm;
natsOperatorOverride = kubectl get cm -n devtroncd nats-operator-override-cm;
natsServerOverride = kubectl get cm -n devtroncd nats-server-override-cm;
natsStreamingOverride = kubectl get cm -n devtroncd nats-streaming-override-cm;
notifierOverride = kubectl get cm -n devtroncd notifier-override-cm;
devtronOverride = kubectl get cm -n devtroncd devtron-override-cm;
devtronDexIngressOverride = kubectl get cm -n devtroncd devtron-dex-ingress-override-cm;
workflowOverride = kubectl get cm -n devtroncd workflow-override-cm;
serviceAccountOverride = kubectl get cm -n devtroncd devtron-service-account-override-cm;
namespaceOverride = kubectl get cm -n devtroncd namespace-override-cm;
externalSecretOverride = kubectl get cm -n devtroncd external-secret-override-cm;
grafanaOverride = kubectl get cm -n devtroncd grafana-override-cm;
rolloutOverride = kubectl get cm -n devtroncd rollout-override-cm;
minioOverride = kubectl get cm -n devtroncd minio-override-cm;
minioStorageOverride = kubectl get cm -n devtroncd minio-storage-override-cm;
argocdOverride = jsonSelect(argocdOverride, "data.override");
clairOverride = jsonSelect(clairOverride, "data.override");
clairConfigOverride = jsonSelect(clairConfigOverride, "data.override");
dashboardOverride = jsonSelect(dashboardOverride, "data.override");
gitSensorOverride = jsonSelect(gitSensorOverride, "data.override");
guardOverride = jsonSelect(guardOverride, "data.override");
postgresqlOverride = jsonSelect(postgresqlOverride, "data.override");
imageScannerOverride = jsonSelect(imageScannerOverride, "data.override");
kubewatchOverride = jsonSelect(kubewatchOverride, "data.override");
lensOverride = jsonSelect(lensOverride, "data.override");
migratorOverride = jsonSelect(migratorOverride, "data.override");
natsOperatorOverride = jsonSelect(natsOperatorOverride, "data.override");
natsServerOverride = jsonSelect(natsServerOverride, "data.override");
natsStreamingOverride = jsonSelect(natsStreamingOverride, "data.override");
notifierOverride = jsonSelect(notifierOverride, "data.override");
devtronOverride = jsonSelect(devtronOverride, "data.override");
devtronDexIngressOverride = jsonSelect(devtronDexIngressOverride, "data.override");
workflowOverride = jsonSelect(workflowOverride, "data.override");
serviceAccountOverride = jsonSelect(serviceAccountOverride, "data.override");
namespaceOverride = jsonSelect(namespaceOverride, "data.override");
grafanaOverride = jsonSelect(grafanaOverride, "data.override");
rolloutOverride = jsonSelect(rolloutOverride, "data.override");
minioOverride = jsonSelect(minioOverride, "data.override");
minioStorageOverride = jsonSelect(minioStorageOverride, "data.override");
#minio start
hasMinio = kubectl get sts devtron-minio -n devtroncd;
minioAccesskey = "";
minioSecretkey = "";
minioEndpoint = "http://devtron-minio.devtroncd:9000";
if cloudProvider=="AZURE" {
azureAccountNameEncoded = base64EncoderPrefix + `echo "` + azureAccountName + `" | tr -d ':\n' ` + base64EncoderSuffix;
azureAccountNameEncoded = shellScript azureAccountNameEncoded;
kubeYamlEdit(minio, "data.accesskey", azureAccountNameEncoded, `/Secret//devtron-minio`);
kubeYamlEdit(minio, "data.secretkey", azureAccountKey, `/Secret//devtron-minio`);
minio = kubectl apply -n devtroncd minio;
log("executed minio setup");
} else if cloudProvider=="MINIO" && !hasMinio {
log("no minio");
minioAccesskey = shellScript passwordGen;
minioSecretkey = shellScript passwordGen;
kubeYamlEdit(minioStorage, "data.accesskey", minioAccesskey, `/Secret//devtron-minio`);
kubeYamlEdit(minioStorage, "data.secretkey", minioSecretkey, `/Secret//devtron-minio`);
minioStorage = kubectl apply -n devtroncd minioStorage ;
} else if cloudProvider=="MINIO" && hasMinio {
log("has minio");
minioSecret = kubectl get secret devtron-minio -n devtroncd;
minioAccesskey = jsonSelect(minioSecret, "data.accesskey");
minioSecretkey = jsonSelect(minioSecret, "data.secretkey");
log(minioSecret);
log("====================");
}
if cloudProvider=="MINIO"{
kubeYamlEdit(devtron, "data.MINIO_ACCESS_KEY", minioAccesskey, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.MINIO_SECRET_KEY", minioSecretkey, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.MINIO_ENDPOINT", minioEndpoint, `/ConfigMap//devtron-cm`);
}
# minio end
#grafana
grafanaSecret = kubectl get -n devtroncd secret devtron-grafana-cred-secret;
hasgrafana = kubectl get -n devtroncd deployment devtron-grafana;
grafanaPassword = jsonSelect(grafanaSecret, "data.admin-password");
if !grafanaPassword {
log ("not found");
grafanaPassword = shellScript passwordGen;
}
grafanaPasswordPlain = base64DecoderPrefix + `echo "` + grafanaPassword + `" | tr -d ':\n' ` + base64DecoderSuffix;
grafanaPasswordPlain = shellScript grafanaPasswordPlain;
kubeYamlEdit(grafana, "data.admin-password", grafanaPassword, `/Secret//devtron-grafana-cred-secret`);
grafanaUrl = baseURLScheme + "://%s:%s@" + baseURL + "/grafana";
grafanaUrlWithPwd = baseURLScheme + "://admin:"+ grafanaPasswordPlain + "@" + baseURL + "/grafana";
grafanaIni = `[analytics]
check_for_updates = true
[auth.anonymous]
enabled = true
org_name = devtron-metrics-view
org_role = Viewer
[grafana_net]
url = https://grafana.net
[log]
mode = console
[paths]
data = /var/lib/grafana/data
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
[security]
allow_embedding = true
[server]
root_url = ` + baseURLScheme + "://" + baseURL + `/grafana
serve_from_sub_path = true
[users]
allow_org_create = true
`;
kubeYamlEdit(grafana, `data.grafana\.ini`, grafanaIni, `/ConfigMap/devtroncd/devtron-grafana`);
grafana = kubectl apply -n devtroncd grafana -u grafanaOverride;
log("setup grafana");
if !hasgrafana {
createOrgScript = shebang + `
sleep 50
ORG_ID=$( curl -d '{"name":"devtron-metrics-view"}' -H "Content-Type: application/json" -X POST '` + grafanaUrlWithPwd + `/api/orgs' )
echo $ORG_ID
`;
createOrg = shellScript createOrgScript;
log("created org " + createOrg);
orgId = jsonSelect(createOrg, "orgId");
if !orgId {
orgId = "2";
}
activeOrgScript = shebang + `
curl -X POST '` + grafanaUrlWithPwd + `/api/user/using/` + orgId +`'`;
activeOrg = shellScript activeOrgScript;
log("activated org");
setPreferenceScript = shebang + `
curl -X PUT -H "Content-Type: application/json" -d '{"homeDashboardId":0,"theme":"light","timezone":"browser"}' '`+ grafanaUrlWithPwd + `/api/org/preferences'`;
setPreference = shellScript setPreferenceScript;
log("set preference");
prometheusDatasourceScript = shebang + `
curl '` + grafanaUrlWithPwd + `/api/datasources' \
-H 'content-type: application/json' \
-H 'x-grafana-org-id: ` + orgId + `' \
--data-raw '{"name":"Prometheus-devtron","type":"prometheus","access":"proxy","isDefault":true}'
`;
prometheusDatasource = shellScript prometheusDatasourceScript;
log("data source setup step 1");
datasourceId = jsonSelect(prometheusDatasource, "datasource.id");
log("datasource id " + datasourceId);
prometheusDatasourceScriptUpdate = shebang + `
curl '` + grafanaUrlWithPwd + `/api/datasources/` + datasourceId + `' -X PUT \
-H 'content-type: application/json' \
-H 'x-grafana-org-id: ` + orgId + `' \
--data-raw '{"id":` + datasourceId +` ,
"orgId":` + orgId + `,
"name":"Prometheus-devtron","type":"prometheus","access":"proxy",
"url":"` + prometheusUrl + `",
"basicAuth":true,"jsonData":{},"version":1}'
`;
prometheusDatasourceUpdate = shellScript prometheusDatasourceScriptUpdate;
log("data source setup step 2");
grafanaDashboardProvider = `
apiVersion: 1
providers:
- disableDeletion: true
editable: false
folder: ""
name: devtron-provider
options:
path: /var/lib/grafana/dashboards/devtron-provider
orgId: `+ orgId + `
type: file
`;
grafanaCm = kubectl get -n devtroncd cm devtron-grafana;
jsonEdit(grafanaCm, `data.dashboardproviders\.yaml`, grafanaDashboardProvider);
grafanaCm = kubectl apply -n devtroncd grafanaCm;
log("setup up grafana cm with provider yaml");
allDevtroncdPo = kubectl get po -n devtroncd;
grafanaPodnamePattern = `items.#(metadata.name%"devtron-grafana*").metadata.name`;
grafanaPodname = jsonSelect(allDevtroncdPo, grafanaPodnamePattern);
grafanaPoddelete = kubectl delete -n devtroncd po grafanaPodname;
log("deleted grafana pod to reload configmap");
}
namespaces = kubectl apply namespace;
log("created namespaces");
sa = kubectl apply serviceAccount;
log("created service account");
#externalSecret
externalSecretAmazonRegion = base64EncoderPrefix + `echo "` + externalSecretAmazonRegion + `" | tr -d ':\n' ` + base64EncoderSuffix;
externalSecretAmazonRegion = shellScript externalSecretAmazonRegion;
kubeYamlEdit(externalSecret, "data.AWS_REGION", externalSecretAmazonRegion, `/Secret//devtron-kubernetes-external-secret`);
externalSecret = kubectl apply -n devtroncd externalSecret -u externalSecretOverride;
log("created external secret");
#postgresql
# if postgres already installed skip installation
hasPostgresql = kubectl get sts postgresql-postgresql -n devtroncd;
if !hasPostgresql {
kubeYamlEdit(postgresql, "data.postgresql-password", postgresqlPassword, `/Secret//postgresql-postgresql`);
postgresql = kubectl apply -n devtroncd postgresql -u postgresqlOverride;
log("created postgresql");
}
#argocd
hasArgocd = kubectl get deployment argocd-server -n devtroncd;
helmRepo = `- name: incubator
type: helm
url: https://charts.helm.sh/incubator
- name: devtron-charts
type: helm
url: https://devtron-charts.s3.us-east-2.amazonaws.com/charts
- name: stable
type: helm
url: https://charts.helm.sh/stable`;
kubeYamlEdit(argocd, `data.repositories`, helmRepo, `/ConfigMap//argocd-cm` );
kubeYamlEdit(argocd, "data.url", baseURLScheme + "://" + baseURL, `/ConfigMap//argocd-cm`);
if dexConfig {
kubeYamlEdit(argocd, `data.dex\.config`, dexConfig, `/ConfigMap//argocd-cm`);
}
kubeYamlEdit(argocd, `data.policy\.default`, `role:admin`, `/ConfigMap//argocd-rbac-cm`);
# patchLoad = '{"data":{"url":"' + baseURL + '", "dex.config:"' + dexConfig + '}}';
# pa = kubectl patch -n devtroncd cm/argocd-cm --type "application/merge-patch+json" -p patchLoad;
kubeYamlEdit(argocd, `subjects.0.namespace`, "devtroncd", `rbac.authorization.k8s.io/ClusterRoleBinding//argocd-application-controller`);
kubeYamlEdit(argocd, `subjects.0.namespace`, "devtroncd", `rbac.authorization.k8s.io/ClusterRoleBinding//argocd-server`);
if hasArgocd {
kubeYamlDelete(argocd, filter=`/ConfigMap//argocd-cm`);
kubeYamlDelete(argocd, filter=`/ConfigMap//argocd-rbac-cm`);
kubeYamlDelete(argocd, filter=`/Secret//argocd-secret`);
kubeYamlDelete(argocd, filter=`/ConfigMap//argocd-ssh-known-hosts-cm`);
kubeYamlDelete(argocd, filter=`/ConfigMap//argocd-tls-certs-cm`);
}
argocd = kubectl apply -n devtroncd argocd -u argocdOverride;
#patchLoad = '{"data":{"url":"' + baseURL + '", "dex.config:"' + dexConfig + '}}';
#pa = kubectl patch -n devtroncd cm/argocd-cm --type "application/merge-patch+json" -p patchLoad;
log("executed argocd setup command");
#rollout
rollout = kubectl apply -n devtroncd rollout -u rolloutOverride;
log("executed rollout setup command");
#git-sensor
kubeYamlEdit(gitSensor, "data.PG_PASSWORD", postgresqlPassword, `/Secret//git-sensor-secret`);
#notifier
kubeYamlEdit(notifier, "data.DB_PWD", postgresqlPassword, `/Secret//notifier-secret`);
kubeYamlEdit(notifier, "data.BASE_URL", baseURLScheme + "://" + baseURL, `/ConfigMap//notifier-cm`);
#image-scanner
kubeYamlEdit(imageScanner, "data.PG_PASSWORD", postgresqlPassword, `/Secret//image-scanner-secret`);
#lens
kubeYamlEdit(lens, "data.PG_PASSWORD", postgresqlPassword, `/Secret//lens-secret`);
#migrator
#delete migrator job
migDelete = kubectl delete -n devtroncd job postgresql-migrate-devtron postgresql-migrate-casbin postgresql-migrate-gitsensor postgresql-migrate-lens;
if !migDelete {
log("migration job deletion failed");
}
kubeYamlEdit(migrator, "data.DB_PASSWORD", postgresqlPassword, `/Secret//postgresql-migrator`);
migrator = kubectl apply -n devtroncd migrator -u migratorOverride;
log("executed migrator setup command");
#nats
natsOperator = kubectl apply -n devtroncd natsOperator -u natsOperatorOverride;
log("executed nats operator setup");
ignore = shellScript sleep50;
natsServer = kubectl apply -n devtroncd natsServer -u natsServerOverride;
log("executed nats server setup");
natsStreaming = kubectl apply -n devtroncd natsStreaming -u natsStreamingOverride;
log("executed nats streaming setup");
#guard
makeCertsDir = `#!/bin/bash
mkdir -p /tmp/certs`;
makeCertsDir = shellScript makeCertsDir;
######Generating raw urls
certGen_raw = REPO_RAW_URL + LTAG + "/generate_certificate.sh";
grumpyConfig_raw = REPO_RAW_URL + LTAG + "/grumpy_config.txt";
caConfig_raw = REPO_RAW_URL + LTAG + "/ca_config.txt";
######Downloading the manifests
certGen = download(certGen_raw);
grumpyConfig = download(grumpyConfig_raw, "/tmp/certs/grumpy_config.txt");
caConfig = download(caConfig_raw, "/tmp/certs/ca_config.txt");
certs = shellScript certGen;
crt = base64EncoderPrefix + "cat /tmp/certs/grumpy-crt.pem" + base64EncoderSuffix;
crt = shellScript crt;
key = base64EncoderPrefix + "cat /tmp/certs/grumpy-key.pem" + base64EncoderSuffix;
key = shellScript key;
cacrt = base64EncoderPrefix + "cat /tmp/certs/ca.crt" + base64EncoderSuffix;
cacrt = shellScript cacrt;
kubeYamlEdit(guard, `data.cert\.pem`, crt, `/Secret//guard-secret`);
kubeYamlEdit(guard, `data.key\.pem`, key, `/Secret//guard-secret`);
kubeYamlEdit(guard, "webhooks.0.clientConfig.caBundle", cacrt, `admissionregistration.k8s.io/ValidatingWebhookConfiguration//grumpy`);
# devtron
hasDevtron = kubectl get deployment "devtron" -n devtroncd;
orchToken = shellScript passwordGen;
webHookToken = shellScript passwordGen;
dexSecret = shellScript passwordGen;
dexJwtKey = shellScript passwordGen;
dexCStoreKey = shellScript passwordGen;
externalCIAPISecret = shellScript passwordGen;
kubeYamlEdit(devtron, "data.PG_PASSWORD", postgresqlPassword, `/Secret//devtron-secret`);
if cloudProvider=="AZURE" {
kubeYamlEdit(devtron, "data.AZURE_ACCOUNT_KEY", azureAccountKey, `/Secret//devtron-secret`);
}
#fix this, as this will result in fields getting changed, if exists then we need to pull existing values and apply again
# populate acd password
allDevtroncdPo = kubectl get po -n devtroncd;
argocdPodNameSelector = `items.#(metadata.labels.app\.kubernetes\.io/name=="argocd-server").metadata.name`;
acdPassword = jsonSelect(allDevtroncdPo, argocdPodNameSelector);
acdPassword = base64EncoderPrefix + `echo "` + acdPassword + `" | tr -d ':\n' ` + base64EncoderSuffix;
acdPassword = shellScript acdPassword;
if hasDevtron {
devtronSecret = kubectl get secret -n devtroncd devtron-secret;
texternalCIAPISecret = jsonSelect(devtronSecret, "data.EXTERNAL_CI_API_SECRET");
if texternalCIAPISecret {
externalCIAPISecret = texternalCIAPISecret;
}
twebHookToken = jsonSelect(devtronSecret, "data.WEBHOOK_TOKEN");
if twebHookToken {
webHookToken = twebHookToken;
}
torchToken = jsonSelect(devtronSecret, "data.ORCH_TOKEN");
if torchToken {
orchToken = torchToken;
}
tdexSecret = jsonSelect(devtronSecret, "data.DEX_SECRET");
if tdexSecret {
dexSecret = tdexSecret;
}
tdexJwtKey = jsonSelect(devtronSecret, "data.DEX_JWTKEY");
if tdexJwtKey {
dexJwtKey = tdexJwtKey;
}
tdexCStoreKey = jsonSelect(devtronSecret, "data.DEX_CSTOREKEY");
if tdexCStoreKey {
dexCStoreKey = tdexCStoreKey;
}
tacdPassword = jsonSelect(devtronSecret, "data.ACD_PASSWORD");
if tacdPassword {
acdPassword = tacdPassword;
}
}
kubeYamlEdit(devtron, "data.EXTERNAL_CI_API_SECRET", externalCIAPISecret, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.WEBHOOK_TOKEN", webHookToken, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.ORCH_TOKEN", orchToken, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.DEX_SECRET", dexSecret, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.DEX_JWTKEY", dexJwtKey, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.DEX_CSTOREKEY", dexCStoreKey, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.ACD_PASSWORD", acdPassword, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.GRAFANA_PASSWORD", grafanaPassword, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.EXTERNAL_CI_WEB_HOOK_URL", baseURLScheme + "://" + baseURL+"/orchestrator/webhook/ext-ci", `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.DEFAULT_CD_LOGS_BUCKET_REGION", defaultCDLogsBucketRegion, `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.DEFAULT_CACHE_BUCKET", defaultCacheBucket, `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.DEFAULT_CACHE_BUCKET_REGION", defaultCacheBucketRegion, `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.DEFAULT_BUILD_LOGS_BUCKET", defaultBuildLogsBucket, `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.GRAFANA_URL", grafanaUrl, `/ConfigMap//devtron-cm`);
# set default cloud provider
if !cloudProvider {
cloudProvider="S3";
}
kubeYamlEdit(devtron, "data.BLOB_STORAGE_PROVIDER", cloudProvider, `/ConfigMap//devtron-cm`);
if cloudProvider=="AZURE" {
kubeYamlEdit(devtron, "data.AZURE_ACCOUNT_NAME", azureAccountName, `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.AZURE_BLOB_CONTAINER_CI_LOG", azureBlobContainerCiLog, `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.AZURE_BLOB_CONTAINER_CI_CACHE", azureBlobContainerCiCache, `/ConfigMap//devtron-cm`);
}
externaSecretRegion = `env:
AWS_REGION: ` + externalSecretAmazonRegion;
kubeYamlEdit(devtron, `data.dt-k8s-external-secrets\.yaml`, externaSecretRegion, `/ConfigMap//devtron-cluster-components`);
if !setupDevtronIngress {
kubeYamlEdit(devtron, "spec.type", "LoadBalancer", `/Service//devtron-service`);
}
devtron = kubectl apply -n devtroncd devtron -u devtronOverride;
log("executed devtron setup");
if devtronIngressAnnotations {
log("editing ingress");
kubeYamlEdit(devtronDexIngress, "metadata.annotations", devtronIngressAnnotations, `extensions/Ingress//devtron-ingress`, "asObject");
}
if setupDevtronIngress {
log("fetch ingress");
existingIngress = kubectl get -n devtroncd ing devtron-ingress;
}
if existingIngress {
annotations = jsonSelect(existingIngress, "metadata.annotations");
}
if annotations {
kubeYamlEdit(devtronDexIngress, "metadata.annotations", annotations, `extensions/Ingress//devtron-ingress`, "asObject");
}
if setupDevtronIngress {
log("setup ingress");
devtronDexIngress = kubectl apply -n devtroncd devtronDexIngress -u devtronDexIngressOverride;
}
log("executed devtron ingress setup");
guard = kubectl apply -n devtroncd guard -u guardOverride;
log("executed guard setup");
dashboard = kubectl apply -n devtroncd dashboard -u dashboardOverride;
log("executed dashboard setup");
gitSensor = kubectl apply -n devtroncd gitSensor -u gitSensorOverride;
log("executed git sensor setup");
imageScanner = kubectl apply -n devtroncd imageScanner -u imageScannerOverride;
log("executed image scanner setup");
kubewatch = kubectl apply -n devtroncd kubewatch -u kubewatchOverride;
log("executed kubewatch setup");
lens = kubectl apply -n devtroncd lens -u lensOverride;
log("executed lens setup");
notifier = kubectl apply -n devtroncd notifier -u notifierOverride;
log("executed notifier setup");
if cloudProvider=="AZURE" {
# ---------------- workflow secret start
workflowSecret = `
apiVersion: v1
data:
accessKey: `;
workflowSecret = workflowSecret + azureAccountNameEncoded;
workflowSecret = workflowSecret + `
secretKey: `;
workflowSecret = workflowSecret + azureAccountKey;
workflowSecret = workflowSecret + `
kind: Secret
metadata:
name: workflow-minio-cred
namespace: devtron-ci
type: Opaque
`;
#----------------- workflow secret end
workflowSecret = kubectl apply workflowSecret;
}
if cloudProvider=="MINIO" {
# ---------------- workflow secret start
workflowSecret = `
apiVersion: v1
data:
accessKey: `;
workflowSecret = workflowSecret + minioAccesskey;
workflowSecret = workflowSecret + `
secretKey: `;
workflowSecret = workflowSecret + minioSecretkey;
workflowSecret = workflowSecret + `
kind: Secret
metadata:
name: workflow-minio-cred
namespace: devtron-ci
type: Opaque
`;
#----------------- workflow secret end
workflowSecret = kubectl apply workflowSecret;
}
workflowConfig = `parallelism: 50
artifactRepository:
archiveLogs: true
s3:`;
if cloudProvider=="S3" {
workflowConfig = workflowConfig +`
endpoint: s3.amazonaws.com
bucket: `;
workflowConfig = workflowConfig + defaultBuildLogsBucket;
workflowConfig = workflowConfig + `
region: `;
workflowConfig = workflowConfig + defaultCacheBucketRegion;
} else if cloudProvider=="AZURE"{
workflowConfig = workflowConfig +`
bucket: `;
workflowConfig = workflowConfig + azureBlobContainerCiLog;
workflowConfig = workflowConfig +`
insecure: true #omit for S3/GCS. Needed when minio runs without TLS
accessKeySecret: #omit if accessing via AWS IAM
name: workflow-minio-cred
key: accessKey
secretKeySecret: #omit if accessing via AWS IAM
name: workflow-minio-cred
key: secretKey
endpoint: devtron-minio.devtroncd:9000`;
}else if cloudProvider=="MINIO"{
workflowConfig = workflowConfig +`
bucket: `;
workflowConfig = workflowConfig + defaultBuildLogsBucket;
workflowConfig = workflowConfig +`
insecure: true #omit for S3/GCS. Needed when minio runs without TLS
accessKeySecret: #omit if accessing via AWS IAM
name: workflow-minio-cred
key: accessKey
secretKeySecret: #omit if accessing via AWS IAM
name: workflow-minio-cred
key: secretKey
endpoint: devtron-minio.devtroncd:9000`;
}
workflowConfig = workflowConfig + `
keyFormat: devtron/{{workflow.name}}
containerRuntimeExecutor: pns
executor:
imagePullPolicy: Always`;
kubeYamlEdit(workflow, "data.config", workflowConfig, `/ConfigMap//workflow-controller-configmap`);
workflow = kubectl apply -n argo workflow -u workflowOverride;
log("executed workflow setup");
postgresPlainPwd = base64DecoderPrefix + `echo "` + postgresqlPassword + `" | tr -d ':\n' ` + base64DecoderSuffix;
postgresPlainPwd = shellScript postgresPlainPwd;
clairPosrgresUrl = "postgres://postgres:"+ postgresPlainPwd +"@postgresql-postgresql.devtroncd:5432/clair?sslmode=disable";
yamlEdit(clairConfig, "clair.database.options.source", clairPosrgresUrl, 0);
clairEncodedConfig = base64EncoderPrefix + `echo "` + clairConfig + `"` + base64EncoderSuffix;
clairEncodedConfig = shellScript clairEncodedConfig;
kubeYamlEdit(clair, `data.config\.yaml`, clairEncodedConfig, `/Secret//clair`);
clair = kubectl apply -n devtroncd clair -u clairOverride;
log("executed clair setup");