feat(clustertool): remove the use of talos manifests in favor of kubectl

truecharts · Oct 24, 2024 · a71ee15 · a71ee15
1 parent 062874e
commit a71ee15
Show file tree

Hide file tree

Showing 11 changed files with 77 additions and 125 deletions.
diff --git a/clustertool/cmd/apply.go b/clustertool/cmd/apply.go
@@ -71,6 +71,10 @@ func RunApply(node string, extraArgs []string) {
 
     kubeconfigcmds := gencmd.GenKubeConfig(helper.TalEnv["VIP_IP"])
     gencmd.ExecCmd(kubeconfigcmds)
+
+    if helper.GetYesOrNo("Do you want to (re)load ssh, Sops and ClusterEnv onto the cluster? (yes/no) [y/n]: ") {
+
+    }
 }
 
 func init() {

diff --git a/clustertool/embed/generic/base/DOTREPLACEgitignore b/clustertool/embed/generic/base/DOTREPLACEgitignore
@@ -1,9 +1,15 @@
 talconfig.json
 clusterconfig
-patches/sopssecret.yaml
 patches/all.yaml
 patches/controlplane.yaml
-patches/manifests.yaml
 patches/worker.yaml
+*patches/all.yaml
+*patches/controlplane.yaml
+*patches/worker.yaml
+all.yaml
+controlplane.yaml
+worker.yaml
+*sopssecret.secret.yaml
+sopssecret.secret.yaml
 cluster/main/kubernetes/**/bootstrap-values.yaml.ct
 *kubeconfig
diff --git a/clustertool/embed/generic/base/talos/talconfig.yaml b/clustertool/embed/generic/base/talos/talconfig.yaml
@@ -41,9 +41,6 @@ nodes:
 controlPlane:
     patches:
         - '@./patches/controlplane.yaml'
-        - '@./patches/sopssecret.yaml'
-        - '@./patches/manifests.yaml'
-        # - '@./patches/nvidia.yaml'
     schematic:
         customization:
             extraKernelArgs:
@@ -64,7 +61,6 @@ controlPlane:
 worker:
     patches:
         - '@./patches/worker.yaml'
-        # - '@./patches/nvidia.yaml'
     schematic:
         customization:
             systemExtensions:

diff --git a/clustertool/embed/generic/patches/manifests.yaml b/clustertool/embed/generic/patches/manifests.yaml
diff --git a/clustertool/embed/generic/patches/sopssecret.yaml b/clustertool/embed/generic/patches/sopssecret.yaml
diff --git a/clustertool/pkg/fluxhandler/sshsecretgen.go b/clustertool/pkg/fluxhandler/sshsecretgen.go
@@ -127,41 +127,6 @@ func CreateGitSecret(gitURL string) error {
     return nil
 }
 
-func CreateSshPatch() {
-    log.Info().Msg("generating talospatch for flux ssh key...")
-    // Paths to the YAML files
-    secretPath := filepath.Join(helper.ClusterPath, "kubernetes", "flux-system", "flux", "deploykey.secret.yaml")
-    sopsPatchPath := filepath.Join(helper.ClusterPath, "talos", "patches", "sopssecret.yaml")
-
-    // Read the YAML file
-    yamlFile, err := ioutil.ReadFile(secretPath)
-    if err != nil {
-        log.Fatal().Err(err).Msg("error: %v")
-    }
-
-    // Unmarshal the YAML content into a Config struct
-    var config Config
-    err = yaml.Unmarshal(yamlFile, &config)
-    if err != nil {
-        log.Fatal().Err(err).Msg("error: %v")
-    }
-
-    // Extract the stringData content and convert it to a multi-line string
-    stringData, err := yaml.Marshal(config.StringData)
-    if err != nil {
-        log.Fatal().Err(err).Msg("error: %v")
-    }
-
-    // Convert byte array to string
-    deployKeyData := string(stringData)
-
-    // Replace the placeholder in sopspath.yaml
-    err = ReplacePlaceholder(sopsPatchPath, "REPLACEWITHDEPLOYKEY", indentYaml(deployKeyData, "        "))
-    if err != nil {
-        log.Fatal().Err(err).Msg("Failed to replace placeholder: %v")
-    }
-}
-
 // indentYaml indents each line of the YAML string with the specified indentation.
 func indentYaml(yamlStr, indent string) string {
     lines := strings.Split(yamlStr, "\n")

diff --git a/clustertool/pkg/gencmd/bootstrap.go b/clustertool/pkg/gencmd/bootstrap.go
@@ -158,6 +158,14 @@ func RunBootstrap(args []string) {
         }
     }
 
+    for _, filePath := range helper.ManifestPaths {
+        log.Info().Msgf("Bootstrap: Loading Manifest: %v", filePath)
+        if err := kubectlcmds.KubectlApply(ctx, filePath); err != nil {
+            log.Info().Msgf("Error applying manifest for %s: %v\n", filepath.Base(filePath), err)
+            os.Exit(1)
+        }
+    }
+
     log.Info().Msg("Bootstrap: Base Cluster Configuration Completed, continuing setup...")
     log.Info().Msg("Bootstrap: Confirming cluster health...")
     healthcmd := GenHealth(helper.TalEnv["VIP_IP"])

diff --git a/clustertool/pkg/gencmd/genconfig.go b/clustertool/pkg/gencmd/genconfig.go
@@ -27,8 +27,6 @@ func GenConfig(args []string) error {
     initfiles.GenSchema()
     initfiles.GenTalEnvConfigMap()
     initfiles.CheckEnvVariables()
-    initfiles.GenPatches()
-    fluxhandler.CreateSshPatch()
     genTalSecret()
     validateTalConfig(args)
     talhelperGenConfig()

diff --git a/clustertool/pkg/helper/vars.go b/clustertool/pkg/helper/vars.go
@@ -25,7 +25,13 @@ var (
     AllIPs          = []string{}
     ControlPlaneIPs = []string{}
     WorkerIPs       = []string{}
-    KubeFilterStr   = []string{
+    ManifestPaths   = []string{
+        filepath.Join("flux-system", "flux", "sopskey.secret.yaml"),
+        filepath.Join("flux-system", "flux", "deploykey.secret.yaml"),
+        filepath.Join("flux-system", "flux", "clustersettings.secret.yaml"),
+    }
+
+    KubeFilterStr = []string{
         ".*would violate PodSecurity.*",
     }
 

diff --git a/clustertool/pkg/initfiles/initfiles.go b/clustertool/pkg/initfiles/initfiles.go
@@ -14,12 +14,14 @@ import (
     "time"
 
     "github.com/rs/zerolog/log"
+    "gopkg.in/yaml.v2"
 
     age "filippo.io/age"
     talhelperCfg "github.com/budimanjojo/talhelper/v3/pkg/config"
     "github.com/invopop/jsonschema"
     "github.com/truecharts/public/clustertool/pkg/fluxhandler"
     "github.com/truecharts/public/clustertool/pkg/helper"
+    corev1 "k8s.io/api/core/v1"
 )
 
 func InitFiles() error {
@@ -34,7 +36,7 @@ func InitFiles() error {
     GenTalEnvConfigMap()
     UpdateGitRepo()
     fluxhandler.CreateGitSecret(helper.TalEnv["GITHUB_REPOSITORY"])
-    fluxhandler.CreateSshPatch()
+    GenSopsSecret()
     if err := fluxhandler.ProcessDirectory(path.Join(helper.ClusterPath, "kubernetes")); err != nil {
         log.Error().Msgf("Error: %v", err)
     }
@@ -277,29 +279,6 @@ func GenPatches() error {
 
     setDocker()
 
-    // Read the content of the talenv.yaml file
-    talenvContent, err := os.ReadFile(helper.ClusterPath + "/clusterenv.yaml")
-    if err != nil {
-        return err
-    }
-
-    // Convert the file content to a string and split it into lines
-    talenvLines := strings.Split(string(talenvContent), "\n")
-
-    // Add indentation to each line
-    for i, line := range talenvLines {
-        talenvLines[i] = "          " + line
-    }
-
-    // Join the indented lines back into a single string
-    indentedTalenvContent := strings.Join(talenvLines, "\n")
-
-    helper.ReplaceInFile(filepath.Join(helper.ClusterPath, "/talos/patches", "sopssecret.yaml"), "REPLACEWITHTALENV", indentedTalenvContent)
-    // log.Info().Msg("test", filepath.Join(helper.ClusterPath, "/talos/patches", "sopssecret.yaml"))
-    if err != nil {
-        log.Fatal().Err(err).Msg("Error: %s")
-    }
-
     return nil
 }
 
@@ -308,17 +287,18 @@ func setDocker() {
     if helper.TalEnv["DOCKERHUB_USER"] != "" && helper.TalEnv["DOCKERHUB_PASSWORD"] != "" {
         // Prepare the content to append
         configContent := fmt.Sprintf(`# Add Dockerhub Login
-  registries:
-    config:
-      registry-1.docker.io:
-        auth:
-          username: %s
-          password: %s
-      docker.io:
-        auth:
-          username: %s
-          password: %s
-
+- op: add
+  path: /machine/registries/config/registry-1.docker.io/auth/username
+  value: "%s"
+- op: add
+  path: /machine/registries/config/registry-1.docker.io/auth/password
+  value: "%s"
+- op: add
+  path: /machine/registries/config/docker.io/auth/username
+  value: "%s"
+- op: add
+  path: /machine/registries/config/docker.io/auth/password
+  value: "%s"
     `, helper.TalEnv["DOCKERHUB_USER"], helper.TalEnv["DOCKERHUB_PASSWORD"], helper.TalEnv["DOCKERHUB_USER"], helper.TalEnv["DOCKERHUB_PASSWORD"])
 
         // Open the file in append mode or create it if it doesn't exist
@@ -455,6 +435,41 @@ func GetSecKey() (string, error) {
     return secretKey, nil
 }
 
+func GenSopsSecret() error {
+    secretPath := filepath.Join(helper.ClusterPath, "kubernetes", "flux-system", "flux", "sopsscret.secret.yaml")
+    ageSecKey, err := GetSecKey()
+    // Generate Kubernetes secret YAML content
+    secret := map[string]interface{}{
+        "apiVersion": "v1",
+        "kind":       "Secret",
+        "metadata": map[string]interface{}{
+            "name":      "sops-age",
+            "namespace": "flux-system",
+        },
+        "stringData": map[string]interface{}{
+            "age.agekey": ageSecKey,
+        },
+        "type": string(corev1.SecretTypeOpaque),
+    }
+
+    secretYAML, err := yaml.Marshal(secret)
+    if err != nil {
+        return fmt.Errorf("failed to marshal secret to YAML: %w", err)
+    }
+
+    // Write Kubernetes secret YAML to file
+    err = os.MkdirAll(filepath.Dir(secretPath), 0755)
+    if err != nil {
+        return fmt.Errorf("failed to create directories: %w", err)
+    }
+    err = os.WriteFile(secretPath, secretYAML, 0644)
+    if err != nil {
+        return fmt.Errorf("failed to write secret YAML to file: %w", err)
+    }
+    log.Info().Msgf("Kubernetes secret YAML saved to: %s\n", secretPath)
+    return nil
+}
+
 func GenSchema() error {
     cfg := talhelperCfg.TalhelperConfig{}
     r := new(jsonschema.Reflector)

diff --git a/website/src/content/docs/clustertool/virtual-machines/virtualbox.md b/website/src/content/docs/clustertool/virtual-machines/virtualbox.md
@@ -49,7 +49,6 @@ By default ClusterTool installs the `qemu-guest-agent` extension. This is not co
 controlPlane:
     patches:
         - '@./patches/controlplane.yaml'
-        - '@./patches/sopssecret.yaml'
         - '@./patches/manifests.yaml'
         # - '@./patches/nvidia.yaml'
     schematic: