agent.go 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948
  1. package kubernetes
  2. import (
  3. "bufio"
  4. "bytes"
  5. "context"
  6. "encoding/json"
  7. "fmt"
  8. "io"
  9. "strings"
  10. "github.com/porter-dev/porter/internal/kubernetes/provisioner"
  11. "github.com/porter-dev/porter/internal/kubernetes/provisioner/aws"
  12. "github.com/porter-dev/porter/internal/kubernetes/provisioner/aws/ecr"
  13. "github.com/porter-dev/porter/internal/kubernetes/provisioner/aws/eks"
  14. "github.com/porter-dev/porter/internal/kubernetes/provisioner/do"
  15. "github.com/porter-dev/porter/internal/kubernetes/provisioner/do/docr"
  16. "github.com/porter-dev/porter/internal/kubernetes/provisioner/do/doks"
  17. "github.com/porter-dev/porter/internal/kubernetes/provisioner/gcp"
  18. "github.com/porter-dev/porter/internal/kubernetes/provisioner/gcp/gke"
  19. "github.com/porter-dev/porter/internal/models"
  20. "github.com/porter-dev/porter/internal/models/integrations"
  21. "github.com/porter-dev/porter/internal/oauth"
  22. "github.com/porter-dev/porter/internal/registry"
  23. "github.com/porter-dev/porter/internal/repository"
  24. "golang.org/x/oauth2"
  25. "github.com/gorilla/websocket"
  26. "github.com/porter-dev/porter/internal/helm/grapher"
  27. appsv1 "k8s.io/api/apps/v1"
  28. batchv1 "k8s.io/api/batch/v1"
  29. batchv1beta1 "k8s.io/api/batch/v1beta1"
  30. v1 "k8s.io/api/core/v1"
  31. v1beta1 "k8s.io/api/extensions/v1beta1"
  32. "k8s.io/apimachinery/pkg/api/errors"
  33. metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  34. "k8s.io/apimachinery/pkg/runtime"
  35. "k8s.io/apimachinery/pkg/runtime/schema"
  36. "k8s.io/apimachinery/pkg/types"
  37. "k8s.io/cli-runtime/pkg/genericclioptions"
  38. "k8s.io/client-go/informers"
  39. "k8s.io/client-go/kubernetes"
  40. "k8s.io/client-go/rest"
  41. "k8s.io/client-go/tools/cache"
  42. "k8s.io/client-go/tools/remotecommand"
  43. "github.com/porter-dev/porter/internal/config"
  44. )
  45. // Agent is a Kubernetes agent for performing operations that interact with the
  46. // api server
  47. type Agent struct {
  48. RESTClientGetter genericclioptions.RESTClientGetter
  49. Clientset kubernetes.Interface
  50. }
  51. type Message struct {
  52. EventType string `json:"event_type"`
  53. Object interface{}
  54. Kind string
  55. }
  56. type ListOptions struct {
  57. FieldSelector string
  58. }
  59. // CreateConfigMap creates the configmap given the key-value pairs and namespace
  60. func (a *Agent) CreateConfigMap(name string, namespace string, configMap map[string]string) (*v1.ConfigMap, error) {
  61. return a.Clientset.CoreV1().ConfigMaps(namespace).Create(
  62. context.TODO(),
  63. &v1.ConfigMap{
  64. ObjectMeta: metav1.ObjectMeta{
  65. Name: name,
  66. Namespace: namespace,
  67. Labels: map[string]string{
  68. "porter": "true",
  69. },
  70. },
  71. Data: configMap,
  72. },
  73. metav1.CreateOptions{},
  74. )
  75. }
  76. // CreateLinkedSecret creates a secret given the key-value pairs and namespace. Values are
  77. // base64 encoded
  78. func (a *Agent) CreateLinkedSecret(name, namespace, cmName string, data map[string][]byte) (*v1.Secret, error) {
  79. return a.Clientset.CoreV1().Secrets(namespace).Create(
  80. context.TODO(),
  81. &v1.Secret{
  82. ObjectMeta: metav1.ObjectMeta{
  83. Name: name,
  84. Namespace: namespace,
  85. Labels: map[string]string{
  86. "porter": "true",
  87. "configmap": cmName,
  88. },
  89. },
  90. Data: data,
  91. },
  92. metav1.CreateOptions{},
  93. )
  94. }
  95. type mergeConfigMapData struct {
  96. Data map[string]*string `json:"data"`
  97. }
  98. // UpdateConfigMap updates the configmap given its name and namespace
  99. func (a *Agent) UpdateConfigMap(name string, namespace string, configMap map[string]string) error {
  100. cmData := make(map[string]*string)
  101. for key, val := range configMap {
  102. valCopy := val
  103. cmData[key] = &valCopy
  104. if len(val) == 0 {
  105. cmData[key] = nil
  106. }
  107. }
  108. mergeCM := &mergeConfigMapData{
  109. Data: cmData,
  110. }
  111. patchBytes, err := json.Marshal(mergeCM)
  112. if err != nil {
  113. return err
  114. }
  115. _, err = a.Clientset.CoreV1().ConfigMaps(namespace).Patch(
  116. context.Background(),
  117. name,
  118. types.MergePatchType,
  119. patchBytes,
  120. metav1.PatchOptions{},
  121. )
  122. return err
  123. }
  124. type mergeLinkedSecretData struct {
  125. Data map[string]*[]byte `json:"data"`
  126. }
  127. // UpdateLinkedSecret updates the secret given its name and namespace
  128. func (a *Agent) UpdateLinkedSecret(name, namespace, cmName string, data map[string][]byte) error {
  129. secretData := make(map[string]*[]byte)
  130. for key, val := range data {
  131. valCopy := val
  132. secretData[key] = &valCopy
  133. if len(val) == 0 {
  134. secretData[key] = nil
  135. }
  136. }
  137. mergeSecret := &mergeLinkedSecretData{
  138. Data: secretData,
  139. }
  140. patchBytes, err := json.Marshal(mergeSecret)
  141. if err != nil {
  142. return err
  143. }
  144. _, err = a.Clientset.CoreV1().Secrets(namespace).Patch(
  145. context.TODO(),
  146. name,
  147. types.MergePatchType,
  148. patchBytes,
  149. metav1.PatchOptions{},
  150. )
  151. return err
  152. }
  153. // DeleteConfigMap deletes the configmap given its name and namespace
  154. func (a *Agent) DeleteConfigMap(name string, namespace string) error {
  155. return a.Clientset.CoreV1().ConfigMaps(namespace).Delete(
  156. context.TODO(),
  157. name,
  158. metav1.DeleteOptions{},
  159. )
  160. }
  161. // DeleteLinkedSecret deletes the secret given its name and namespace
  162. func (a *Agent) DeleteLinkedSecret(name, namespace string) error {
  163. return a.Clientset.CoreV1().Secrets(namespace).Delete(
  164. context.TODO(),
  165. name,
  166. metav1.DeleteOptions{},
  167. )
  168. }
  169. // GetConfigMap retrieves the configmap given its name and namespace
  170. func (a *Agent) GetConfigMap(name string, namespace string) (*v1.ConfigMap, error) {
  171. return a.Clientset.CoreV1().ConfigMaps(namespace).Get(
  172. context.TODO(),
  173. name,
  174. metav1.GetOptions{},
  175. )
  176. }
  177. // ListConfigMaps simply lists namespaces
  178. func (a *Agent) ListConfigMaps(namespace string) (*v1.ConfigMapList, error) {
  179. return a.Clientset.CoreV1().ConfigMaps(namespace).List(
  180. context.TODO(),
  181. metav1.ListOptions{
  182. LabelSelector: "porter=true",
  183. },
  184. )
  185. }
  186. // ListNamespaces simply lists namespaces
  187. func (a *Agent) ListNamespaces() (*v1.NamespaceList, error) {
  188. return a.Clientset.CoreV1().Namespaces().List(
  189. context.TODO(),
  190. metav1.ListOptions{},
  191. )
  192. }
  193. // ListJobsByLabel lists jobs in a namespace matching a label
  194. type Label struct {
  195. Key string
  196. Val string
  197. }
  198. func (a *Agent) ListJobsByLabel(namespace string, labels ...Label) ([]batchv1.Job, error) {
  199. selectors := make([]string, 0)
  200. for _, label := range labels {
  201. selectors = append(selectors, fmt.Sprintf("%s=%s", label.Key, label.Val))
  202. }
  203. resp, err := a.Clientset.BatchV1().Jobs(namespace).List(
  204. context.TODO(),
  205. metav1.ListOptions{
  206. LabelSelector: strings.Join(selectors, ","),
  207. },
  208. )
  209. if err != nil {
  210. return nil, err
  211. }
  212. return resp.Items, nil
  213. }
  214. // GetJobPods lists all pods belonging to a job in a namespace
  215. func (a *Agent) GetJobPods(namespace, jobName string) ([]v1.Pod, error) {
  216. resp, err := a.Clientset.CoreV1().Pods(namespace).List(
  217. context.TODO(),
  218. metav1.ListOptions{
  219. LabelSelector: fmt.Sprintf("%s=%s", "job-name", jobName),
  220. },
  221. )
  222. if err != nil {
  223. return nil, err
  224. }
  225. return resp.Items, nil
  226. }
  227. // GetIngress gets ingress given the name and namespace
  228. func (a *Agent) GetIngress(namespace string, name string) (*v1beta1.Ingress, error) {
  229. return a.Clientset.ExtensionsV1beta1().Ingresses(namespace).Get(
  230. context.TODO(),
  231. name,
  232. metav1.GetOptions{},
  233. )
  234. }
  235. // GetDeployment gets the deployment given the name and namespace
  236. func (a *Agent) GetDeployment(c grapher.Object) (*appsv1.Deployment, error) {
  237. return a.Clientset.AppsV1().Deployments(c.Namespace).Get(
  238. context.TODO(),
  239. c.Name,
  240. metav1.GetOptions{},
  241. )
  242. }
  243. // GetStatefulSet gets the statefulset given the name and namespace
  244. func (a *Agent) GetStatefulSet(c grapher.Object) (*appsv1.StatefulSet, error) {
  245. return a.Clientset.AppsV1().StatefulSets(c.Namespace).Get(
  246. context.TODO(),
  247. c.Name,
  248. metav1.GetOptions{},
  249. )
  250. }
  251. // GetReplicaSet gets the replicaset given the name and namespace
  252. func (a *Agent) GetReplicaSet(c grapher.Object) (*appsv1.ReplicaSet, error) {
  253. return a.Clientset.AppsV1().ReplicaSets(c.Namespace).Get(
  254. context.TODO(),
  255. c.Name,
  256. metav1.GetOptions{},
  257. )
  258. }
  259. // GetDaemonSet gets the daemonset by name and namespace
  260. func (a *Agent) GetDaemonSet(c grapher.Object) (*appsv1.DaemonSet, error) {
  261. return a.Clientset.AppsV1().DaemonSets(c.Namespace).Get(
  262. context.TODO(),
  263. c.Name,
  264. metav1.GetOptions{},
  265. )
  266. }
  267. // GetJob gets the job by name and namespace
  268. func (a *Agent) GetJob(c grapher.Object) (*batchv1.Job, error) {
  269. return a.Clientset.BatchV1().Jobs(c.Namespace).Get(
  270. context.TODO(),
  271. c.Name,
  272. metav1.GetOptions{},
  273. )
  274. }
  275. // GetCronJob gets the CronJob by name and namespace
  276. func (a *Agent) GetCronJob(c grapher.Object) (*batchv1beta1.CronJob, error) {
  277. return a.Clientset.BatchV1beta1().CronJobs(c.Namespace).Get(
  278. context.TODO(),
  279. c.Name,
  280. metav1.GetOptions{},
  281. )
  282. }
  283. // GetPodsByLabel retrieves pods with matching labels
  284. func (a *Agent) GetPodsByLabel(selector string) (*v1.PodList, error) {
  285. // Search in all namespaces for matching pods
  286. return a.Clientset.CoreV1().Pods("").List(
  287. context.TODO(),
  288. metav1.ListOptions{
  289. LabelSelector: selector,
  290. },
  291. )
  292. }
  293. // DeletePod deletes a pod by name and namespace
  294. func (a *Agent) DeletePod(namespace string, name string) error {
  295. return a.Clientset.CoreV1().Pods(namespace).Delete(
  296. context.TODO(),
  297. name,
  298. metav1.DeleteOptions{},
  299. )
  300. }
  301. // GetPodLogs streams real-time logs from a given pod.
  302. func (a *Agent) GetPodLogs(namespace string, name string, conn *websocket.Conn) error {
  303. // get the pod to read in the list of contains
  304. pod, err := a.Clientset.CoreV1().Pods(namespace).Get(
  305. context.Background(),
  306. name,
  307. metav1.GetOptions{},
  308. )
  309. if err != nil {
  310. return fmt.Errorf("Cannot get pod %s: %s", name, err.Error())
  311. }
  312. container := pod.Spec.Containers[0].Name
  313. tails := int64(400)
  314. // follow logs
  315. podLogOpts := v1.PodLogOptions{
  316. Follow: true,
  317. TailLines: &tails,
  318. Container: container,
  319. }
  320. req := a.Clientset.CoreV1().Pods(namespace).GetLogs(name, &podLogOpts)
  321. podLogs, err := req.Stream(context.TODO())
  322. if err != nil {
  323. return fmt.Errorf("Cannot open log stream for pod %s: %s", name, err.Error())
  324. }
  325. defer podLogs.Close()
  326. r := bufio.NewReader(podLogs)
  327. errorchan := make(chan error)
  328. go func() {
  329. // listens for websocket closing handshake
  330. for {
  331. if _, _, err := conn.ReadMessage(); err != nil {
  332. defer conn.Close()
  333. errorchan <- nil
  334. return
  335. }
  336. }
  337. }()
  338. go func() {
  339. for {
  340. select {
  341. case <-errorchan:
  342. defer close(errorchan)
  343. return
  344. default:
  345. }
  346. bytes, err := r.ReadBytes('\n')
  347. if writeErr := conn.WriteMessage(websocket.TextMessage, bytes); writeErr != nil {
  348. errorchan <- writeErr
  349. return
  350. }
  351. if err != nil {
  352. if err != io.EOF {
  353. errorchan <- err
  354. return
  355. }
  356. errorchan <- nil
  357. return
  358. }
  359. }
  360. }()
  361. for {
  362. select {
  363. case err = <-errorchan:
  364. return err
  365. }
  366. }
  367. }
  368. // StopJobWithJobSidecar sends a termination signal to a job running with a sidecar
  369. func (a *Agent) StopJobWithJobSidecar(namespace, name string) error {
  370. jobPods, err := a.GetJobPods(namespace, name)
  371. if err != nil {
  372. return err
  373. }
  374. podName := jobPods[0].ObjectMeta.Name
  375. restConf, err := a.RESTClientGetter.ToRESTConfig()
  376. restConf.GroupVersion = &schema.GroupVersion{
  377. Group: "api",
  378. Version: "v1",
  379. }
  380. restConf.NegotiatedSerializer = runtime.NewSimpleNegotiatedSerializer(runtime.SerializerInfo{})
  381. restClient, err := rest.RESTClientFor(restConf)
  382. if err != nil {
  383. return err
  384. }
  385. req := restClient.Post().
  386. Resource("pods").
  387. Name(podName).
  388. Namespace(namespace).
  389. SubResource("exec")
  390. req.Param("command", "./signal.sh")
  391. req.Param("container", "sidecar")
  392. req.Param("stdin", "true")
  393. req.Param("stdout", "false")
  394. req.Param("tty", "false")
  395. exec, err := remotecommand.NewSPDYExecutor(restConf, "POST", req.URL())
  396. if err != nil {
  397. return err
  398. }
  399. return exec.Stream(remotecommand.StreamOptions{
  400. Tty: false,
  401. Stdin: strings.NewReader("./signal.sh"),
  402. })
  403. }
  404. // StreamControllerStatus streams controller status. Supports Deployment, StatefulSet, ReplicaSet, and DaemonSet
  405. // TODO: Support Jobs
  406. func (a *Agent) StreamControllerStatus(conn *websocket.Conn, kind string) error {
  407. factory := informers.NewSharedInformerFactory(
  408. a.Clientset,
  409. 0,
  410. )
  411. var informer cache.SharedInformer
  412. // Spins up an informer depending on kind. Convert to lowercase for robustness
  413. switch strings.ToLower(kind) {
  414. case "deployment":
  415. informer = factory.Apps().V1().Deployments().Informer()
  416. case "statefulset":
  417. informer = factory.Apps().V1().StatefulSets().Informer()
  418. case "replicaset":
  419. informer = factory.Apps().V1().ReplicaSets().Informer()
  420. case "daemonset":
  421. informer = factory.Apps().V1().DaemonSets().Informer()
  422. case "job":
  423. informer = factory.Batch().V1().Jobs().Informer()
  424. case "cronjob":
  425. informer = factory.Batch().V1beta1().CronJobs().Informer()
  426. }
  427. stopper := make(chan struct{})
  428. errorchan := make(chan error)
  429. defer close(errorchan)
  430. informer.AddEventHandler(cache.ResourceEventHandlerFuncs{
  431. UpdateFunc: func(oldObj, newObj interface{}) {
  432. msg := Message{
  433. EventType: "UPDATE",
  434. Object: newObj,
  435. Kind: strings.ToLower(kind),
  436. }
  437. if writeErr := conn.WriteJSON(msg); writeErr != nil {
  438. errorchan <- writeErr
  439. return
  440. }
  441. },
  442. AddFunc: func(obj interface{}) {
  443. msg := Message{
  444. EventType: "ADD",
  445. Object: obj,
  446. Kind: strings.ToLower(kind),
  447. }
  448. if writeErr := conn.WriteJSON(msg); writeErr != nil {
  449. errorchan <- writeErr
  450. return
  451. }
  452. },
  453. DeleteFunc: func(obj interface{}) {
  454. msg := Message{
  455. EventType: "DELETE",
  456. Object: obj,
  457. Kind: strings.ToLower(kind),
  458. }
  459. if writeErr := conn.WriteJSON(msg); writeErr != nil {
  460. errorchan <- writeErr
  461. return
  462. }
  463. },
  464. })
  465. go func() {
  466. // listens for websocket closing handshake
  467. for {
  468. if _, _, err := conn.ReadMessage(); err != nil {
  469. defer conn.Close()
  470. defer close(stopper)
  471. errorchan <- nil
  472. return
  473. }
  474. }
  475. }()
  476. go informer.Run(stopper)
  477. for {
  478. select {
  479. case err := <-errorchan:
  480. return err
  481. }
  482. }
  483. }
  484. // ProvisionECR spawns a new provisioning pod that creates an ECR instance
  485. func (a *Agent) ProvisionECR(
  486. projectID uint,
  487. awsConf *integrations.AWSIntegration,
  488. ecrName string,
  489. repo repository.Repository,
  490. infra *models.Infra,
  491. operation provisioner.ProvisionerOperation,
  492. pgConf *config.DBConf,
  493. redisConf *config.RedisConf,
  494. provImageTag string,
  495. ) (*batchv1.Job, error) {
  496. id := infra.GetUniqueName()
  497. prov := &provisioner.Conf{
  498. ID: id,
  499. Name: fmt.Sprintf("prov-%s-%s", id, string(operation)),
  500. Kind: provisioner.ECR,
  501. Operation: operation,
  502. Redis: redisConf,
  503. Postgres: pgConf,
  504. ProvisionerImageTag: provImageTag,
  505. LastApplied: infra.LastApplied,
  506. AWS: &aws.Conf{
  507. AWSRegion: awsConf.AWSRegion,
  508. AWSAccessKeyID: string(awsConf.AWSAccessKeyID),
  509. AWSSecretAccessKey: string(awsConf.AWSSecretAccessKey),
  510. },
  511. ECR: &ecr.Conf{
  512. ECRName: ecrName,
  513. },
  514. }
  515. return a.provision(prov, infra, repo)
  516. }
  517. // ProvisionEKS spawns a new provisioning pod that creates an EKS instance
  518. func (a *Agent) ProvisionEKS(
  519. projectID uint,
  520. awsConf *integrations.AWSIntegration,
  521. eksName, machineType string,
  522. repo repository.Repository,
  523. infra *models.Infra,
  524. operation provisioner.ProvisionerOperation,
  525. pgConf *config.DBConf,
  526. redisConf *config.RedisConf,
  527. provImageTag string,
  528. ) (*batchv1.Job, error) {
  529. id := infra.GetUniqueName()
  530. prov := &provisioner.Conf{
  531. ID: id,
  532. Name: fmt.Sprintf("prov-%s-%s", id, string(operation)),
  533. Kind: provisioner.EKS,
  534. Operation: operation,
  535. Redis: redisConf,
  536. Postgres: pgConf,
  537. ProvisionerImageTag: provImageTag,
  538. LastApplied: infra.LastApplied,
  539. AWS: &aws.Conf{
  540. AWSRegion: awsConf.AWSRegion,
  541. AWSAccessKeyID: string(awsConf.AWSAccessKeyID),
  542. AWSSecretAccessKey: string(awsConf.AWSSecretAccessKey),
  543. },
  544. EKS: &eks.Conf{
  545. ClusterName: eksName,
  546. MachineType: machineType,
  547. },
  548. }
  549. return a.provision(prov, infra, repo)
  550. }
  551. // ProvisionGCR spawns a new provisioning pod that creates a GCR instance
  552. func (a *Agent) ProvisionGCR(
  553. projectID uint,
  554. gcpConf *integrations.GCPIntegration,
  555. repo repository.Repository,
  556. infra *models.Infra,
  557. operation provisioner.ProvisionerOperation,
  558. pgConf *config.DBConf,
  559. redisConf *config.RedisConf,
  560. provImageTag string,
  561. ) (*batchv1.Job, error) {
  562. id := infra.GetUniqueName()
  563. prov := &provisioner.Conf{
  564. ID: id,
  565. Name: fmt.Sprintf("prov-%s-%s", id, string(operation)),
  566. Kind: provisioner.GCR,
  567. Operation: operation,
  568. Redis: redisConf,
  569. Postgres: pgConf,
  570. ProvisionerImageTag: provImageTag,
  571. LastApplied: infra.LastApplied,
  572. GCP: &gcp.Conf{
  573. GCPRegion: gcpConf.GCPRegion,
  574. GCPProjectID: gcpConf.GCPProjectID,
  575. GCPKeyData: string(gcpConf.GCPKeyData),
  576. },
  577. }
  578. return a.provision(prov, infra, repo)
  579. }
  580. // ProvisionGKE spawns a new provisioning pod that creates a GKE instance
  581. func (a *Agent) ProvisionGKE(
  582. projectID uint,
  583. gcpConf *integrations.GCPIntegration,
  584. gkeName string,
  585. repo repository.Repository,
  586. infra *models.Infra,
  587. operation provisioner.ProvisionerOperation,
  588. pgConf *config.DBConf,
  589. redisConf *config.RedisConf,
  590. provImageTag string,
  591. ) (*batchv1.Job, error) {
  592. id := infra.GetUniqueName()
  593. prov := &provisioner.Conf{
  594. ID: id,
  595. Name: fmt.Sprintf("prov-%s-%s", id, string(operation)),
  596. Kind: provisioner.GKE,
  597. Operation: operation,
  598. Redis: redisConf,
  599. Postgres: pgConf,
  600. ProvisionerImageTag: provImageTag,
  601. LastApplied: infra.LastApplied,
  602. GCP: &gcp.Conf{
  603. GCPRegion: gcpConf.GCPRegion,
  604. GCPProjectID: gcpConf.GCPProjectID,
  605. GCPKeyData: string(gcpConf.GCPKeyData),
  606. },
  607. GKE: &gke.Conf{
  608. ClusterName: gkeName,
  609. },
  610. }
  611. return a.provision(prov, infra, repo)
  612. }
  613. // ProvisionDOCR spawns a new provisioning pod that creates a DOCR instance
  614. func (a *Agent) ProvisionDOCR(
  615. projectID uint,
  616. doConf *integrations.OAuthIntegration,
  617. doAuth *oauth2.Config,
  618. repo repository.Repository,
  619. docrName, docrSubscriptionTier string,
  620. infra *models.Infra,
  621. operation provisioner.ProvisionerOperation,
  622. pgConf *config.DBConf,
  623. redisConf *config.RedisConf,
  624. provImageTag string,
  625. ) (*batchv1.Job, error) {
  626. // get the token
  627. oauthInt, err := repo.OAuthIntegration.ReadOAuthIntegration(
  628. infra.DOIntegrationID,
  629. )
  630. if err != nil {
  631. return nil, err
  632. }
  633. tok, _, err := oauth.GetAccessToken(oauthInt, doAuth, repo)
  634. if err != nil {
  635. return nil, err
  636. }
  637. id := infra.GetUniqueName()
  638. prov := &provisioner.Conf{
  639. ID: id,
  640. Name: fmt.Sprintf("prov-%s-%s", id, string(operation)),
  641. Kind: provisioner.DOCR,
  642. Operation: operation,
  643. Redis: redisConf,
  644. Postgres: pgConf,
  645. ProvisionerImageTag: provImageTag,
  646. LastApplied: infra.LastApplied,
  647. DO: &do.Conf{
  648. DOToken: tok,
  649. },
  650. DOCR: &docr.Conf{
  651. DOCRName: docrName,
  652. DOCRSubscriptionTier: docrSubscriptionTier,
  653. },
  654. }
  655. return a.provision(prov, infra, repo)
  656. }
  657. // ProvisionDOKS spawns a new provisioning pod that creates a DOKS instance
  658. func (a *Agent) ProvisionDOKS(
  659. projectID uint,
  660. doConf *integrations.OAuthIntegration,
  661. doAuth *oauth2.Config,
  662. repo repository.Repository,
  663. doRegion, doksClusterName string,
  664. infra *models.Infra,
  665. operation provisioner.ProvisionerOperation,
  666. pgConf *config.DBConf,
  667. redisConf *config.RedisConf,
  668. provImageTag string,
  669. ) (*batchv1.Job, error) {
  670. // get the token
  671. oauthInt, err := repo.OAuthIntegration.ReadOAuthIntegration(
  672. infra.DOIntegrationID,
  673. )
  674. if err != nil {
  675. return nil, err
  676. }
  677. tok, _, err := oauth.GetAccessToken(oauthInt, doAuth, repo)
  678. if err != nil {
  679. return nil, err
  680. }
  681. id := infra.GetUniqueName()
  682. prov := &provisioner.Conf{
  683. ID: id,
  684. Name: fmt.Sprintf("prov-%s-%s", id, string(operation)),
  685. Kind: provisioner.DOKS,
  686. Operation: operation,
  687. Redis: redisConf,
  688. Postgres: pgConf,
  689. LastApplied: infra.LastApplied,
  690. ProvisionerImageTag: provImageTag,
  691. DO: &do.Conf{
  692. DOToken: tok,
  693. },
  694. DOKS: &doks.Conf{
  695. DORegion: doRegion,
  696. DOKSClusterName: doksClusterName,
  697. },
  698. }
  699. return a.provision(prov, infra, repo)
  700. }
  701. // ProvisionTest spawns a new provisioning pod that tests provisioning
  702. func (a *Agent) ProvisionTest(
  703. projectID uint,
  704. infra *models.Infra,
  705. repo repository.Repository,
  706. operation provisioner.ProvisionerOperation,
  707. pgConf *config.DBConf,
  708. redisConf *config.RedisConf,
  709. provImageTag string,
  710. ) (*batchv1.Job, error) {
  711. id := infra.GetUniqueName()
  712. prov := &provisioner.Conf{
  713. ID: id,
  714. Name: fmt.Sprintf("prov-%s-%s", id, string(operation)),
  715. Operation: operation,
  716. Kind: provisioner.Test,
  717. Redis: redisConf,
  718. Postgres: pgConf,
  719. ProvisionerImageTag: provImageTag,
  720. }
  721. return a.provision(prov, infra, repo)
  722. }
  723. func (a *Agent) provision(
  724. prov *provisioner.Conf,
  725. infra *models.Infra,
  726. repo repository.Repository,
  727. ) (*batchv1.Job, error) {
  728. prov.Namespace = "default"
  729. job, err := prov.GetProvisionerJobTemplate()
  730. if err != nil {
  731. return nil, err
  732. }
  733. job, err = a.Clientset.BatchV1().Jobs(prov.Namespace).Create(
  734. context.TODO(),
  735. job,
  736. metav1.CreateOptions{},
  737. )
  738. if err != nil {
  739. return nil, err
  740. }
  741. infra.LastApplied = prov.LastApplied
  742. infra, err = repo.Infra.UpdateInfra(infra)
  743. if err != nil {
  744. return nil, err
  745. }
  746. return job, nil
  747. }
  748. // CreateImagePullSecrets will create the required image pull secrets and
  749. // return a map from the registry name to the name of the secret.
  750. func (a *Agent) CreateImagePullSecrets(
  751. repo repository.Repository,
  752. namespace string,
  753. linkedRegs map[string]*models.Registry,
  754. doAuth *oauth2.Config,
  755. ) (map[string]string, error) {
  756. res := make(map[string]string)
  757. for key, val := range linkedRegs {
  758. _reg := registry.Registry(*val)
  759. data, err := _reg.GetDockerConfigJSON(repo, doAuth)
  760. if err != nil {
  761. return nil, err
  762. }
  763. secretName := fmt.Sprintf("porter-%s-%d", val.Externalize().Service, val.ID)
  764. secret, err := a.Clientset.CoreV1().Secrets(namespace).Get(
  765. context.TODO(),
  766. secretName,
  767. metav1.GetOptions{},
  768. )
  769. // if not found, create the secret
  770. if err != nil && errors.IsNotFound(err) {
  771. _, err = a.Clientset.CoreV1().Secrets(namespace).Create(
  772. context.TODO(),
  773. &v1.Secret{
  774. ObjectMeta: metav1.ObjectMeta{
  775. Name: secretName,
  776. },
  777. Data: map[string][]byte{
  778. string(v1.DockerConfigJsonKey): data,
  779. },
  780. Type: v1.SecretTypeDockerConfigJson,
  781. },
  782. metav1.CreateOptions{},
  783. )
  784. if err != nil {
  785. return nil, err
  786. }
  787. // add secret name to the map
  788. res[key] = secretName
  789. continue
  790. } else if err != nil {
  791. return nil, err
  792. }
  793. // otherwise, check that the secret contains the correct data: if
  794. // if doesn't, update it
  795. if !bytes.Equal(secret.Data[v1.DockerConfigJsonKey], data) {
  796. _, err := a.Clientset.CoreV1().Secrets(namespace).Update(
  797. context.TODO(),
  798. &v1.Secret{
  799. ObjectMeta: metav1.ObjectMeta{
  800. Name: secretName,
  801. },
  802. Data: map[string][]byte{
  803. string(v1.DockerConfigJsonKey): data,
  804. },
  805. Type: v1.SecretTypeDockerConfigJson,
  806. },
  807. metav1.UpdateOptions{},
  808. )
  809. if err != nil {
  810. return nil, err
  811. }
  812. }
  813. // add secret name to the map
  814. res[key] = secretName
  815. }
  816. return res, nil
  817. }