Skip to content

Commit

Permalink
Run and Stop Command Support (#188)
Browse files Browse the repository at this point in the history 
* run and stop commands

End to end deployment and exposure in your cluster

* Docs update
  • Loading branch information
@prom3theu5
prom3theu5 authored May 9, 2024
1 parent 305cd5a commit 0d2a7c3
Show file tree
Hide file tree
Showing 47 changed files with 876 additions and 145 deletions.
1 change: 1 addition & 0 deletions docs/Writerside/hi.tree
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
<toc-element topic="Init-Command.md"/>
<toc-element topic="Build-Command.md"/>
<toc-element topic="Generate-Command.md"/>
<toc-element topic="Run-Command.md"/>
<toc-element topic="Apply-Manifests.md"/>
<toc-element topic="Removing-Manifests-from-a-Cluster.md"/>
<toc-element topic="Non-Interactive-Invocation.md"/>
Expand Down
1 change: 0 additions & 1 deletion docs/Writerside/topics/Apply-Manifests.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,5 @@ If you have a secret file, you will be prompted to enter the password to decrypt
| --kube-context | -k | `ASPIRATE_KUBERNETES_CONTEXT` | The name of the kubernetes context within your kubeconfig to apply / deploy manifests to. |
| --secret-password | | `ASPIRATE_SECRET_PASSWORD` | If using secrets, or you have a secret file - Specify the password to decrypt them |
| --non-interactive | | `ASPIRATE_NON_INTERACTIVE` | Disables interactive mode for the command |
| --secret-provider | | `ASPIRATE_SECRET_PROVIDER` | The secret provider to use. Defaults to `Password`. Can be `Password` or `Base64` |
| --disable-secrets | | `ASPIRATE_DISABLE_SECRETS` | Disables secrets management features. |
| --rolling-restart | -r | `ASPIRATE_ROLLING_RESTART` | Perform a rollout restart of deployments directly after applying the manifests. Defaults to `false` |
1 change: 0 additions & 1 deletion docs/Writerside/topics/Build-Command.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@ The command will first create the manifest file, however, this can be overridden
| --container-repository-prefix | | `ASPIRATE_CONTAINER_REPOSITORY_PREFIX` | The Container Repository Prefix to use as the fall-back value for all containers. |
| --container-builder | | `ASPIRATE_CONTAINER_BUILDER` | The Container Builder: can be `docker` or `podman`. The default is `docker`. |
| --non-interactive | | `ASPIRATE_NON_INTERACTIVE` | Disables interactive mode for the command |
| --secret-provider | | `ASPIRATE_SECRET_PROVIDER` | The secret provider to use. Defaults to `Password`. Can be `Password` or `Base64` |
| --disable-secrets | | `ASPIRATE_DISABLE_SECRETS` | Disables secrets management features. |
| --runtime-identifier | | `ASPIRATE_RUNTIME_IDENTIFIER` | Sets the runtime identifier for project builds. Defaults to `linux-x64`. |
| --compose-build | | | Can be included one or more times to set certain dockerfile resource building to be handled by the compose file. This will skip build and push in aspirate. |
3 changes: 1 addition & 2 deletions docs/Writerside/topics/Environmental-Variables.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ aspirate generate

All environmental variables are prefixed with `ASPIRATE_`.

The following environmental variables are available:
The following is a selection of environmental variables are available (Each of the command pages lists all possible env vars for a command):

| Name | Description | Default Value |
|--------------------------------------------|-----------------------------------------------------------------------------|-------------------|
Expand All @@ -29,7 +29,6 @@ The following environmental variables are available:
| `ASPIRATE_OUTPUT_PATH` | The path to the output directory. | `%output-dir%` |
| `ASPIRATE_PROJECT_PATH` | The path to the project directory. | `.` |
| `ASPIRATE_SECRET_PASSWORD` | The password to use for secrets decryption. | |
| `ASPIRATE_SECRET_PROVIDER` | The secret provider to use. | `Password` |
| `ASPIRATE_SKIP_BUILD` | Skips the build process. | `false` |
| `ASPIRATE_SKIP_FINAL_KUSTOMIZE_GENERATION` | Skips the final kustomize generation process. | `false` |
| `ASPIRATE_TEMPLATE_PATH` | The path to the template directory. | `` |
Expand Down
1 change: 0 additions & 1 deletion docs/Writerside/topics/Generate-Command.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,6 @@ a Helm chart is what's classed as an "Ejected Deployment" and is not managed by
| --container-repository-prefix | | `ASPIRATE_CONTAINER_REPOSITORY_PREFIX` | The Container Repository Prefix to use as the fall-back value for all containers. |
| --container-builder | | `ASPIRATE_CONTAINER_BUILDER` | The Container Builder: can be `docker` or `podman`. The default is `docker`. |
| --image-pull-policy | | `ASPIRATE_IMAGE_PULL_POLICY` | The image pull policy to use for all containers in generated manifests. Can be `Always`, `Never` or `IfNotPresent`. For your local docker desktop cluster - use `IfNotPresent` |
| --secret-provider | | `ASPIRATE_SECRET_PROVIDER` | The secret provider to use. Defaults to `Password`. Can be `Password` or `Base64` |
| --disable-secrets | | `ASPIRATE_DISABLE_SECRETS` | Disables secrets management features. |
| --output-format | | `ASPIRATE_OUTPUT_FORMAT` | Sets the output manifest format. Defaults to `kustomize`. Can be `kustomize`, `helm` or `compose`. |
| --runtime-identifier | | `ASPIRATE_RUNTIME_IDENTIFIER` | Sets the runtime identifier for project builds. Defaults to `linux-x64`. |
Expand Down
2 changes: 1 addition & 1 deletion docs/Writerside/topics/Generating-Secrets.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,5 +24,5 @@ If you already have existing secrets, you will then be presented with a menu all
>
> You will be prompted to enter a new password to encrypt the secrets with. This treats the secret state as being empty, and will generate new secrets for all protectable values in the aspire manifest.
After secrets have been generated, they will be encrypted and stored in the `%secrets-file%` file in the `%output-dir%` directory.
After secrets have been generated, they will be encrypted and stored in the `aspirate-state.json` file.
The `generate` command will then move on to manifest generation.
1 change: 0 additions & 1 deletion docs/Writerside/topics/Init-Command.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,5 +25,4 @@ The `init` command allows you to bootstrap certain settings for an aspire projec
| --container-image-tag | -ct | `ASPIRATE_CONTAINER_IMAGE_TAG` | The Container Image Tag to use as the fall-back value for all containers. |
| --template-path | -tp | `ASPIRATE_TEMPLATE_PATH` | The path to the templates directory. |
| --non-interactive | | `ASPIRATE_NON_INTERACTIVE` | Disables interactive mode for the command |
| --secret-provider | | `ASPIRATE_SECRET_PROVIDER` | The secret provider to use. Defaults to `Password`. Can be `Password` or `Base64` |
| --disable-secrets | | `ASPIRATE_DISABLE_SECRETS` | Disables secrets management features. |
4 changes: 2 additions & 2 deletions docs/Writerside/topics/Managing-Secrets.md
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
# Managing Secrets

During the `generate` and `apply` processes, you will be prompted to input a password.
This password is used to encrypt your secrets in the secret file, named `%secrets-file%`, located in the `%output-dir%` directory.
This password is used to encrypt your secrets in the state file, named aspirate-state.json

> **Note**
>
> This password is not stored anywhere, and is only used to encrypt and decrypt the secrets file.
> This password is not stored anywhere, and is only used to encrypt and decrypt the secrets within the state file.
> If you lose this password, you will be unable to access your secrets and will need to use the `generate` command to create a new one.
{style="warning"}
1 change: 0 additions & 1 deletion docs/Writerside/topics/Removing-Manifests-from-a-Cluster.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,4 @@ If you have a secret file, these secrets will be removed as well. This command d
| --input-path | -i | `ASPIRATE_INPUT_PATH` | The path for the kustomize manifests directory. Defaults to `%output-dir%` |
| --kube-context | -k | `ASPIRATE_KUBERNETES_CONTEXT` | The name of the kubernetes context within your kubeconfig to apply / deploy manifests to. |
| --non-interactive | | `ASPIRATE_NON_INTERACTIVE` | Disables interactive mode for the command |
| --secret-provider | | `ASPIRATE_SECRET_PROVIDER` | The secret provider to use. Defaults to `Password`. Can be `Password` or `Base64` |
| --disable-secrets | | `ASPIRATE_DISABLE_SECRETS` | Disables secrets management features. |
47 changes: 47 additions & 0 deletions docs/Writerside/topics/Run-Command.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
# Running Solution Directly

The run command is used to run the solution directly from the AppHost directory against a cluster within your KUBECONFIG.

The command will first create the manifest file, however, this can be overridden if you pass in the path
to an existing manifest file using the `--aspire-manifest` or `-m` flag and supplying the path.

```bash
aspirate run
```

```bash
aspirate run -m ./manifest.json
```

To clean-up after using the run command, you can use the `Stop` command.

```bash
aspirate stop
```

This deletes anything added to the Namespace within the state file, and removes the namespace.

## Cli Options (Optional)

| Option | Alias | Environmental Variable Counterpart | Description |
|-------------------------------|-------|----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| --project-path | -p | `ASPIRATE_PROJECT_PATH` | The path to the aspire project. |
| --aspire-manifest | -m | `ASPIRATE_ASPIRE_MANIFEST_PATH` | The aspire manifest file to use |
| --skip-build | | `ASPIRATE_SKIP_BUILD` | Skips build and Push of containers. |
| --namespace | | `ASPIRATE_NAMESPACE` | Generates a Kubernetes Namespace resource, and applies the namespace to all generated resources. Will be used at deployment time. |
| --container-image-tag | -ct | `ASPIRATE_CONTAINER_IMAGE_TAG` | The Container Image Tag to use as the fall-back value for all containers. |
| --container-registry | -cr | `ASPIRATE_CONTAINER_REGISTRY` | The Container Registry to use as the fall-back value for all containers. |
| --container-repository-prefix | | `ASPIRATE_CONTAINER_REPOSITORY_PREFIX` | The Container Repository Prefix to use as the fall-back value for all containers. |
| --container-builder | | `ASPIRATE_CONTAINER_BUILDER` | The Container Builder: can be `docker` or `podman`. The default is `docker`. |
| --image-pull-policy | | `ASPIRATE_IMAGE_PULL_POLICY` | The image pull policy to use for all containers in generated manifests. Can be `Always`, `Never` or `IfNotPresent`. For your local docker desktop cluster - use `IfNotPresent` |
| --disable-secrets | | `ASPIRATE_DISABLE_SECRETS` | Disables secrets management features. |
| --runtime-identifier | | `ASPIRATE_RUNTIME_IDENTIFIER` | Sets the runtime identifier for project builds. Defaults to `linux-x64`. |
| --secret-password | | `ASPIRATE_SECRET_PASSWORD` | If using secrets, or you have a secret file - Specify the password to decrypt them |
| --non-interactive | | `ASPIRATE_NON_INTERACTIVE` | Disables interactive mode for the command |
| --private-registry | | `ASPIRATE_PRIVATE_REGISTRY` | Enables usage of a private registry - which will produce image pull secret. |
| --private-registry-url | | `ASPIRATE_PRIVATE_REGISTRY_URL` | The url for the private registry |
| --private-registry-username | | `ASPIRATE_PRIVATE_REGISTRY_USERNAME` | The username for the private registry. This is required if passing `--private-registry`. |
| --private-registry-password | | `ASPIRATE_PRIVATE_REGISTRY_PASSWORD` | The password for the private registry. This is required if passing `--private-registry`. |
| --private-registry-email | | `ASPIRATE_PRIVATE_REGISTRY_EMAIL` | The email for the private registry. This is purely optional and will default to `[email protected]`. |
| --include-dashboard | | `ASPIRATE_INCLUDE_DASHBOARD` | Boolean flag to specify if the Aspire dashboard should also be included in deployments. |
| --clear-namespace | | `ASPIRATE_ALLOW_CLEAR_NAMESPACE` | Boolean flag to specify the specified namespace should automatically be cleaned during a deployment. |
11 changes: 2 additions & 9 deletions docs/Writerside/topics/Secret-Management.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,7 @@
Aspirate now includes built-in support for robust secret management, allowing you to easily encrypt sensitive data such as connection strings.
This feature is designed to increase security and minimize vulnerabilities.

Aspirate currently supports two secret providers, which can be selected using the command line options `--secret-provider`.

The default provider is `Password`, which uses AesGcm encryption to encrypt the secret's file using a password.
Aspir8 which uses AesGcm encryption to encrypt the secret's file using a password.
The user supplies this password during the `generate` and `apply` processes.
It's generated using Pbkdf2 with SHA256, one million iterations, and the hash and salt are stored in the secret file.
Secrets protected by this provider are only accessible to users who know the password, and are completely safe to store in a Git repository.

An alternative provider is `Base64`, which uses Base64 encoding to encode the secret within the secret file.
This provider is not recommended for production use, as the secrets are not encrypted and are therefore vulnerable to attack.
However, it's useful for testing and development purposes.
Secrets in this format should not be stored in a Git repository.
Secrets protected by this provider are only accessible to users who know the password, and are completely safe to store in a Git repository.
9 changes: 3 additions & 6 deletions docs/Writerside/topics/Secrets-File-Contents.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Secrets File Contents
# Secrets Contents

An example of the contents of a secret file when using the default `Password` provider is shown below:
An example of the contents of secrets within the state file are shown below:

```json
{
Expand All @@ -20,15 +20,12 @@ An example of the contents of a secret file when using the default `Password` pr
"catalogdbapp": {
"ConnectionStrings__catalogdb": "2hO/L8lfSH6BG5J1YKAxbgV8Jkg33lnuKqrPD5/kCk\u002BJZRhJz33KFWZnLIEL2P2Z52M3Nf3K55RUctdzR4rVtovBFtFJLqO4cCDXc2\u002BEleXzyn48vdEOJ37tmU1V0VLGPzFYsGjHV3DQ"
}
},
"secretsVersion": 1
}
}
```

The `salt` and `hash` properties are used to encrypt the secrets in the `secrets` property.

The `secretsVersion` property is used to track the version of the secret file format. Each time the format changes, this value will be incremented.

Each individual secret is encrypted using the `AesGcm` algorithm, using the `salt` and `hash` properties as the key.

The `secrets` property contains a dictionary of secrets, where the key is the name of the service, and the value is a dictionary of secrets for that service.
Expand Down
3 changes: 2 additions & 1 deletion docs/Writerside/v.list
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@
<!DOCTYPE vars SYSTEM "https://resources.jetbrains.com/writerside/1.0/vars.dtd">
<vars>
<var name="product" value="Aspir8"/>
<var name="secrets-file" value="aspirate-secrets.json" />
<var name="secrets-file" value="aspirate-state.json" />
<var name="state-file" value="aspirate-state.json" />
<var name="output-dir" value="./aspirate-output" />
<var name="aspire-manifest" value="manifest.json" />
</vars>
2 changes: 2 additions & 0 deletions src/Aspirate.Cli/AspirateCli.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@ private static string GetAppDataFolder()
public AspirateCli()
{
AddCommand(new InitCommand());
AddCommand(new RunCommand());
AddCommand(new StopCommand());
AddCommand(new GenerateCommand());
AddCommand(new BuildCommand());
AddCommand(new ApplyCommand());
Expand Down
Loading

0 comments on commit 0d2a7c3

Please sign in to comment.