def deploy_oauth2_proxy(
    oauth2_proxy_config: Oauth2ProxyConfig,
    chart_dir: str,
    deployment_name: str,
):
    '''Deploy the chart at `chart_dir` as Helm release `deployment_name`.

    The target cluster and the ingress settings are looked up through the config
    factory by the names that `oauth2_proxy_config` references. The release goes
    into the namespace returned by `oauth2_proxy_config.namespace()`.
    '''
    not_empty(deployment_name)

    factory = global_ctx().cfg_factory()

    # Resolve the cluster the proxy config names and point kube_ctx at it
    # before anything is deployed.
    cluster_cfg = factory.kubernetes(oauth2_proxy_config.kubernetes_config_name())
    kube_ctx.set_kubecfg(cluster_cfg.kubeconfig())

    ingress_cfg = factory.ingress(oauth2_proxy_config.ingress_config())

    values = create_oauth2_proxy_helm_values(
        oauth2_proxy_config=oauth2_proxy_config,
        ingress_config=ingress_cfg,
        deployment_name=deployment_name,
        config_factory=factory,
    )

    target_namespace = oauth2_proxy_config.namespace()
    execute_helm_deployment(
        cluster_cfg,
        target_namespace,
        chart_dir,
        deployment_name,
        values,
    )
def deploy_gardenlinux_cache(
    kubernetes_config: KubernetesConfig,
    gardenlinux_cache_config: GardenlinuxCacheConfig,
    chart_dir: str,
    deployment_name: str,
):
    '''Deploy the gardenlinux-cache chart as Helm release `deployment_name`.

    `chart_dir` is made absolute before it is handed to Helm. The release is
    installed into the namespace returned by `gardenlinux_cache_config.namespace()`.
    '''
    not_empty(deployment_name)

    factory = global_ctx().cfg_factory()
    chart_dir = os.path.abspath(chart_dir)

    # Select the target cluster in kube_ctx, then run the cluster version check.
    kube_ctx.set_kubecfg(kubernetes_config.kubeconfig())
    ensure_cluster_version(kubernetes_config)

    ingress_cfg = factory.ingress(gardenlinux_cache_config.ingress_config())
    values = create_gardenlinux_cache_helm_values(
        gardenlinux_cache_config=gardenlinux_cache_config,
        ingress_config=ingress_cfg,
    )

    target_namespace = gardenlinux_cache_config.namespace()
    execute_helm_deployment(
        kubernetes_config,
        target_namespace,
        chart_dir,
        deployment_name,
        values,
    )
def deploy_monitoring_landscape(
    kubernetes_cfg: KubernetesConfig,
    concourse_cfg: ConcourseConfig,
    cfg_factory: ConfigFactory,
):
    '''Install the kube-state-metrics and prometheus-postgres-exporter charts.

    Both releases go into the namespace returned by
    `kubernetes_cfg.monitoring().namespace()`.
    '''
    # kube_ctx keeps the cluster context globally; select the target cluster first.
    kube_ctx.set_kubecfg(kubernetes_cfg.kubeconfig())
    ensure_cluster_version(kubernetes_cfg)

    namespace = kubernetes_cfg.monitoring().namespace()

    # kube-state-metrics
    ksm_values = create_kube_state_metrics_helm_values(
        monitoring_cfg=kubernetes_cfg.monitoring(),
    )
    execute_helm_deployment(
        kubernetes_cfg,
        namespace,
        'stable/kube-state-metrics',
        'kube-state-metrics',
        ksm_values,
    )

    # postgresql exporter; its values are derived from the Concourse config
    exporter_values = create_postgresql_helm_values(
        concourse_cfg=concourse_cfg,
        cfg_factory=cfg_factory,
    )
    execute_helm_deployment(
        kubernetes_cfg,
        namespace,
        'stable/prometheus-postgres-exporter',
        'prometheus-postgres-exporter',
        exporter_values,
    )
def deploy_oauth2_proxy(
    kubernetes_config: KubernetesConfig,
    oauth2_proxy_config: Oauth2ProxyConfig,
    deployment_name: str,
):
    '''Deploy the `stable/oauth2-proxy` chart as Helm release `deployment_name`.

    The ingress settings are looked up through the config factory by the name
    `oauth2_proxy_config` references; the release is installed into the
    namespace returned by `oauth2_proxy_config.namespace()`.
    '''
    not_empty(deployment_name)

    factory = global_ctx().cfg_factory()

    # Select the target cluster in kube_ctx, then run the cluster version check.
    kube_ctx.set_kubecfg(kubernetes_config.kubeconfig())
    ensure_cluster_version(kubernetes_config)

    ingress_cfg = factory.ingress(oauth2_proxy_config.ingress_config())
    values = create_oauth2_proxy_helm_values(
        oauth2_proxy_config=oauth2_proxy_config,
        ingress_config=ingress_cfg,
        deployment_name=deployment_name,
    )

    target_namespace = oauth2_proxy_config.namespace()
    execute_helm_deployment(
        kubernetes_config,
        target_namespace,
        'stable/oauth2-proxy',
        deployment_name,
        values,
    )
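def deploy_webhook_dispatcher_landscape(
    cfg_set,
    webhook_dispatcher_deployment_cfg: WebhookDispatcherDeploymentConfig,
    chart_dir: str,
    deployment_name: str,
):
    '''Deploy the webhook dispatcher chart at `chart_dir`.

    `deployment_name` is used both as the Helm release name and as the
    namespace the release is installed into. `chart_dir` is made absolute
    before it is handed to Helm.
    '''
    not_empty(deployment_name)

    chart_dir = os.path.abspath(chart_dir)
    cfg_factory = global_ctx().cfg_factory()

    # Set the global context to the cluster specified in KubernetesConfig.
    # The config is resolved once and used for both the kube context and the
    # Helm call, so the two cannot end up referring to different clusters.
    kubernetes_config = cfg_factory.kubernetes(
        webhook_dispatcher_deployment_cfg.kubernetes_config_name()
    )
    kube_ctx.set_kubecfg(kubernetes_config.kubeconfig())

    whd_helm_values = create_webhook_dispatcher_helm_values(
        cfg_set=cfg_set,
        webhook_dispatcher_deployment_cfg=webhook_dispatcher_deployment_cfg,
        config_factory=cfg_factory,
    )

    execute_helm_deployment(
        kubernetes_config,
        deployment_name,
        chart_dir,
        deployment_name,
        whd_helm_values,
    )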
def deploy_tekton_dashboard_ingress(
    kubernetes_config: KubernetesConfig,
    tekton_dashboard_ingress_config: TektonDashboardIngressConfig,
    chart_dir: str,
    deployment_name: str,
):
    '''Deploy the Tekton dashboard ingress chart as Helm release `deployment_name`.

    `chart_dir` is made absolute before it is handed to Helm. The release is
    installed into the namespace returned by
    `tekton_dashboard_ingress_config.namespace()`.
    '''
    not_empty(deployment_name)

    factory = global_ctx().cfg_factory()
    chart_dir = os.path.abspath(chart_dir)

    # Select the target cluster in kube_ctx, then run the cluster version check.
    kube_ctx.set_kubecfg(kubernetes_config.kubeconfig())
    ensure_cluster_version(kubernetes_config)

    ingress_cfg = factory.ingress(tekton_dashboard_ingress_config.ingress_config())
    values = create_tekton_dashboard_helm_values(
        tekton_dashboard_ingress_config=tekton_dashboard_ingress_config,
        ingress_config=ingress_cfg,
    )

    target_namespace = tekton_dashboard_ingress_config.namespace()
    execute_helm_deployment(
        kubernetes_config,
        target_namespace,
        chart_dir,
        deployment_name,
        values,
    )
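def deploy_webhook_dispatcher_landscape(
    cfg_set,
    webhook_dispatcher_deployment_cfg: WebhookDispatcherDeploymentConfig,
    chart_dir: str,
    deployment_name: str,
):
    '''Create the dispatcher's TLS secret and deploy the chart at `chart_dir`.

    `deployment_name` is used as the Helm release name, as the namespace of
    the release and as the namespace the TLS secret is created in. `chart_dir`
    is made absolute before it is handed to Helm.
    '''
    not_empty(deployment_name)

    chart_dir = os.path.abspath(chart_dir)
    cfg_factory = global_ctx().cfg_factory()

    # Set the global context to the cluster specified in KubernetesConfig.
    # The config is resolved once and used for the kube context, the version
    # check and the Helm call, so they cannot refer to different clusters.
    kubernetes_config = cfg_factory.kubernetes(
        webhook_dispatcher_deployment_cfg.kubernetes_config_name()
    )
    kube_ctx.set_kubecfg(kubernetes_config.kubeconfig())
    ensure_cluster_version(kubernetes_config)

    # TLS config; the secret name is fixed, only its content comes from config
    tls_config_name = webhook_dispatcher_deployment_cfg.tls_config_name()
    tls_config = cfg_factory.tls_config(tls_config_name)
    tls_secret_name = "webhook-dispatcher-tls"

    info('Creating tls-secret ...')
    create_tls_secret(
        tls_config=tls_config,
        tls_secret_name=tls_secret_name,
        namespace=deployment_name,
    )

    whd_helm_values = create_webhook_dispatcher_helm_values(
        cfg_set=cfg_set,
        webhook_dispatcher_deployment_cfg=webhook_dispatcher_deployment_cfg,
        cfg_factory=cfg_factory,
    )

    execute_helm_deployment(
        kubernetes_config,
        deployment_name,
        chart_dir,
        deployment_name,
        whd_helm_values,
    )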
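def deploy_whitesource_api_extension(
    whitesource_cfg: WhitesourceConfig,
    kubernetes_cfg: KubernetesConfig,
    # NOTE(review): `paths.chartdirt` looks like a typo for a chart-directory attribute;
    # confirm against the `paths` module before relying on this default.
    chart_dir: str = os.path.join(paths.chartdirt, 'whitesource-api-extension'),
    deployment_name: str = 'whitesource-api-extension',
):
    '''Deploy the whitesource-api-extension chart as Helm release `deployment_name`.

    `chart_dir` is made absolute before it is handed to Helm. The release is
    installed into the namespace returned by `whitesource_cfg.namespace()`.
    No Helm values are passed.
    '''
    not_empty(deployment_name)

    chart_dir = os.path.abspath(chart_dir)

    # Set the global context to the cluster specified in KubernetesConfig.
    # Every other deploy function in this file hands set_kubecfg the result of
    # `.kubeconfig()`, not the KubernetesConfig object itself; do the same here so
    # the context really is the cluster the release is deployed to.
    kube_ctx.set_kubecfg(kubernetes_cfg.kubeconfig())

    execute_helm_deployment(
        kubernetes_config=kubernetes_cfg,
        namespace=whitesource_cfg.namespace(),
        chart_name=chart_dir,
        release_name=deployment_name,
    )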
def deploy_or_upgrade_landscape(
    config_set_name: CliHint(typehint=str, help=CONFIG_SET_HELP),
    components: CliHint(
        type=LandscapeComponent,
        typehint=[LandscapeComponent],
        choices=[component for component in LandscapeComponent],
        help="list of components to deploy. By default, ALL components will be deployed."
    ) = None,
    webhook_dispatcher_chart_dir: CliHint(
        typehint=str,
        help="directory of webhook dispatcher chart",
    ) = None,
    concourse_deployment_name: CliHint(
        typehint=str,
        help="namespace and deployment name for Concourse"
    ) = 'concourse',
    timeout_seconds: CliHint(
        typehint=int,
        help="how long to wait for concourse startup"
    ) = 180,
    webhook_dispatcher_deployment_name: str = 'webhook-dispatcher',
    dry_run: bool = True,
):
    '''Deploy or upgrade the selected components of the Concourse landscape.

    With no `components` given, every member of `LandscapeComponent` is selected.
    `dry_run` defaults to True: the selection is validated and displayed, and the
    function returns before any cluster is touched.

    Raises:
        ValueError: the webhook dispatcher is selected but
            `webhook_dispatcher_chart_dir` was not given.
    '''
    # An empty selection means "all known components".
    if not components:
        components = list(LandscapeComponent)

    # Validate before showing or doing anything.
    if LandscapeComponent.WHD in components:
        if not webhook_dispatcher_chart_dir:
            raise ValueError(
                f"--webhook-dispatcher-chart-dir must be given if component "
                f"'{LandscapeComponent.WHD.value}' is to be deployed."
            )
        webhook_dispatcher_chart_dir = existing_dir(webhook_dispatcher_chart_dir)

    _display_info(
        dry_run=dry_run,
        operation="DEPLOYED",
        deployment_name=concourse_deployment_name,
        components=components,
    )

    if dry_run:
        return

    factory = ctx().cfg_factory()
    config_set = factory.cfg_set(config_set_name)
    concourse_cfg = config_set.concourse()

    # Set the global kubernetes cluster context to the cluster specified in the ConcourseConfig
    cluster_cfg_name = concourse_cfg.kubernetes_cluster_config()
    kubernetes_cfg = factory.kubernetes(cluster_cfg_name)
    kube_ctx.set_kubecfg(kubernetes_cfg.kubeconfig())

    ensure_cluster_version(kubernetes_cfg)

    # The components are handled in this fixed order, whatever order they were given in.
    if LandscapeComponent.SECRETS_SERVER in components:
        info('Deploying Secrets Server')
        deploy_secrets_server(
            config_set_name=config_set_name,
        )

    if LandscapeComponent.CONCOURSE in components:
        info('Deploying Concourse')
        deploy_or_upgrade_concourse(
            config_set_name=config_set_name,
            deployment_name=concourse_deployment_name,
            timeout_seconds=timeout_seconds,
        )

    if LandscapeComponent.WHD in components:
        info('Deploying Webhook Dispatcher')
        deploy_or_upgrade_webhook_dispatcher(
            config_set_name=config_set_name,
            chart_dir=webhook_dispatcher_chart_dir,
            deployment_name=webhook_dispatcher_deployment_name,
        )

    if LandscapeComponent.MONITORING in components:
        info('Deploying Monitoring stack')
        deploy_or_upgrade_monitoring(
            config_set_name=config_set_name,
        )

    if LandscapeComponent.CLAMAV in components:
        info('Deploying ClamAV')
        deploy_or_upgrade_clamav(
            config_set_name=config_set_name,
        )
def deploy_monitoring_landscape(
    cfg_set: ConfigurationSet,
    cfg_factory: ConfigFactory,
):
    '''Install the monitoring charts and expose them through two ingresses.

    Installs kube-state-metrics and prometheus-postgres-exporter into the
    namespace named by the monitoring config, creates one secret there from
    the TLS config and the monitoring basic-auth credentials, and then
    replaces or creates one ingress per service, both referencing that secret.
    '''
    kubernetes_cfg = cfg_set.kubernetes()
    concourse_cfg = cfg_set.concourse()

    # Set the global context to the cluster specified in KubernetesConfig
    kube_ctx.set_kubecfg(kubernetes_cfg.kubeconfig())
    ensure_cluster_version(kubernetes_cfg)

    # The Concourse config names which monitoring and TLS configs to use.
    monitoring_cfg = cfg_factory.monitoring(concourse_cfg.monitoring_config())
    namespace = monitoring_cfg.namespace()

    tls_cfg = cfg_factory.tls_config(concourse_cfg.tls_config())

    # kube-state-metrics
    ksm_values = create_kube_state_metrics_helm_values(
        monitoring_cfg=monitoring_cfg
    )
    execute_helm_deployment(
        kubernetes_cfg,
        namespace,
        'stable/kube-state-metrics',
        'kube-state-metrics',
        ksm_values,
    )

    # postgresql exporter
    exporter_values = create_postgresql_helm_values(
        concourse_cfg=concourse_cfg,
        cfg_factory=cfg_factory,
    )
    execute_helm_deployment(
        kubernetes_cfg,
        namespace,
        'stable/prometheus-postgres-exporter',
        'prometheus-postgres-exporter',
        exporter_values,
    )

    # Ingresses for kube-state-metrics and the postgresql exporter. The basic-auth
    # user and password are read from the monitoring config and handed to
    # create_tls_secret together with the TLS config.
    secret_name = monitoring_cfg.tls_secret_name()

    info('Creating tls-secret in monitoring namespace for kube-state-metrics and postgresql...')
    credentials = BasicAuthCred(
        user=monitoring_cfg.basic_auth_user(),
        password=monitoring_cfg.basic_auth_pwd()
    )
    create_tls_secret(
        tls_config=tls_cfg,
        tls_secret_name=secret_name,
        namespace=namespace,
        basic_auth_cred=credentials,
    )

    ingress_helper = kube_ctx.ingress_helper()

    info('Create ingress for kube-state-metrics')
    ksm_ingress = generate_monitoring_ingress_object(
        secret_name=secret_name,
        namespace=namespace,
        hosts=[monitoring_cfg.ingress_host(), monitoring_cfg.external_url()],
        service_name=monitoring_cfg.kube_state_metrics().service_name(),
        service_port=monitoring_cfg.kube_state_metrics().service_port(),
    )
    ingress_helper.replace_or_create_ingress(namespace, ksm_ingress)

    info('Create ingress for postgres-exporter')
    exporter_ingress = generate_monitoring_ingress_object(
        secret_name=secret_name,
        namespace=namespace,
        hosts=[monitoring_cfg.ingress_host(), monitoring_cfg.external_url()],
        service_name=monitoring_cfg.postgresql_exporter().service_name(),
        service_port=monitoring_cfg.postgresql_exporter().service_port(),
    )
    ingress_helper.replace_or_create_ingress(namespace, exporter_ingress)
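def deploy_concourse_landscape(
    config_name: str,
    deployment_name: str='concourse',
    timeout_seconds: int='180'
):
    '''Deploy Concourse and its prerequisites from the config set `config_name`.

    `deployment_name` is used as the Helm release name and as the namespace for
    the release, the image-pull secret and the TLS secret. After the
    `stable/concourse` chart is installed, the function waits up to
    `timeout_seconds` for the `concourse-web` deployment, calls `fail` if it
    does not become available, and otherwise sets the teams on Concourse.

    Raises:
        ValueError: `timeout_seconds` cannot be converted to an int.
    '''
    not_empty(config_name)
    # The declared default is the string '180' although the annotation says int.
    # Normalise once so the wait below always gets a number; a non-numeric value
    # fails here, before any secret is created or any chart is installed.
    timeout_seconds = int(timeout_seconds)
    ensure_helm_setup()

    # Fetch all the necessary config
    config_factory = global_ctx().cfg_factory()
    config_set = config_factory.cfg_set(cfg_name=config_name)
    concourse_cfg = config_set.concourse()

    # Set the global context to the cluster specified in the ConcourseConfig
    kubernetes_config_name = concourse_cfg.kubernetes_cluster_config()
    kubernetes_config = config_factory.kubernetes(kubernetes_config_name)
    kube_ctx.set_kubecfg(kubernetes_config.kubeconfig())

    ensure_cluster_version(kubernetes_config)

    # Container-registry config
    image_pull_secret_name = concourse_cfg.image_pull_secret()
    container_registry = config_factory.container_registry(image_pull_secret_name)
    cr_credentials = container_registry.credentials()

    # TLS config
    tls_config_name = concourse_cfg.tls_config()
    tls_config = config_factory.tls_config(tls_config_name)
    tls_secret_name = concourse_cfg.tls_secret_name()

    # Secrets server
    secrets_server_config = config_set.secrets_server()

    # Helm config: default values first, then the custom values from the config set
    helm_chart_default_values_name = concourse_cfg.helm_chart_default_values_config()
    default_helm_values = config_factory.concourse_helmchart(helm_chart_default_values_name).raw
    helm_chart_values_name = concourse_cfg.helm_chart_values()
    custom_helm_values = config_factory.concourse_helmchart(helm_chart_values_name).raw

    # The registry credentials and the TLS config are handed to the two secret
    # helpers with namespace=deployment_name before the chart is installed.
    info('Creating default image-pull-secret ...')
    create_image_pull_secret(
        credentials=cr_credentials,
        image_pull_secret_name=image_pull_secret_name,
        namespace=deployment_name,
    )

    info('Creating tls-secret ...')
    create_tls_secret(
        tls_config=tls_config,
        tls_secret_name=tls_secret_name,
        namespace=deployment_name,
    )

    info('Deploying secrets-server ...')
    deploy_secrets_server(
        secrets_server_config=secrets_server_config,
    )

    info('Deploying Concourse ...')
    warning(
        'Teams will not be set up properly on Concourse if the deployment times out, '
        'even if Helm eventually succeeds. In this case, run the deployment command again after '
        'Concourse is available.'
    )

    instance_specific_helm_values = create_instance_specific_helm_values(
        concourse_cfg=concourse_cfg,
        config_factory=config_factory,
    )
    chart_version = concourse_cfg.helm_chart_version()

    execute_helm_deployment(
        kubernetes_config,
        deployment_name,
        'stable/concourse',
        deployment_name,
        default_helm_values,
        custom_helm_values,
        instance_specific_helm_values,
        chart_version=chart_version,
    )

    info('Waiting until the webserver can be reached ...')
    deployment_helper = kube_ctx.deployment_helper()
    is_web_deployment_available = deployment_helper.wait_until_deployment_available(
        namespace=deployment_name,
        name='concourse-web',
        timeout_seconds=timeout_seconds,
    )
    if not is_web_deployment_available:
        fail(
            dedent(
                """No Concourse webserver reachable after {t} second(s). Check status of Pods created by "concourse-web"-deployment in namespace {ns} """
            ).format(
                t = timeout_seconds,
                ns = deployment_name,
            )
        )
    info('Webserver became accessible.')

    # Even though the deployment is available, the ingress might need a few seconds to update.
    time.sleep(3)

    info('Setting teams on Concourse ...')
    set_teams(config=concourse_cfg)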
def deploy_or_upgrade_landscape(
    config_set_name: CliHint(typehint=str, help=CONFIG_SET_HELP),
    components: CliHint(
        type=LandscapeComponent,
        typehint=[LandscapeComponent],
        choices=[component for component in LandscapeComponent],
        help="list of components to deploy. By default, ALL components will be deployed."
    )=None,
    webhook_dispatcher_chart_dir: CliHint(
        typehint=str,
        help="directory of webhook dispatcher chart",
    )=None,
    gardenlinux_cache_chart_dir: CliHint(
        typehint=str,
        help="directory of gardenlinux-cache chart",
    )=None,
    concourse_deployment_name: CliHint(
        typehint=str, help="namespace and deployment name for Concourse"
    )='concourse',
    whitesource_backend_chart_dir: CliHint(
        typehint=str,
        help="directory of Whitesource Backend chart",
    )=None,
    whitesource_backend_deployment_name: CliHint(
        typehint=str, help="namespace and deployment name for Whitesource"
    )='whitesource-backend',
    whitesource_cfg_name: CliHint(
        typehint=str,
        help='Whitesource Config',
    )='gardener',
    timeout_seconds: CliHint(typehint=int, help="how long to wait for concourse startup")=180,
    webhook_dispatcher_deployment_name: str='webhook-dispatcher',
    gardenlinux_cache_deployment_name: str='gardenlinux-cache',
    dry_run: bool=True,
):
    '''Deploy or upgrade the selected components of the Concourse landscape.

    With no `components` given, every member of `LandscapeComponent` is selected.
    `dry_run` defaults to True: the selection is validated and displayed, and the
    function returns before any cluster is touched.

    Raises:
        ValueError: the webhook dispatcher or the gardenlinux cache is selected
            but its chart directory was not given.
    '''
    # An empty selection means "all known components".
    if not components:
        components = list(LandscapeComponent)

    # Validate: components deployed from a local chart need their chart directory.
    if LandscapeComponent.WHD in components:
        if not webhook_dispatcher_chart_dir:
            raise ValueError(
                f"--webhook-dispatcher-chart-dir must be given if component "
                f"'{LandscapeComponent.WHD.value}' is to be deployed."
            )
        webhook_dispatcher_chart_dir = existing_dir(webhook_dispatcher_chart_dir)

    if LandscapeComponent.GARDENLINUX_CACHE in components:
        if not gardenlinux_cache_chart_dir:
            raise ValueError(
                f"--gardenlinux-cache-chart-dir must be given if component "
                f"'{LandscapeComponent.GARDENLINUX_CACHE.value}' is to be deployed."
            )
        gardenlinux_cache_chart_dir = existing_dir(gardenlinux_cache_chart_dir)

    _display_info(
        dry_run=dry_run,
        operation="DEPLOYED",
        deployment_name=concourse_deployment_name,
        components=components,
    )

    if dry_run:
        return

    factory = ctx().cfg_factory()
    config_set = factory.cfg_set(config_set_name)
    concourse_cfg = config_set.concourse()

    # Set the global kubernetes cluster context to the cluster specified in the ConcourseConfig
    cluster_cfg_name = concourse_cfg.kubernetes_cluster_config()
    kubernetes_cfg = factory.kubernetes(cluster_cfg_name)
    kube_ctx.set_kubecfg(kubernetes_cfg.kubeconfig())

    # The components are handled in this fixed order, whatever order they were given in.
    if LandscapeComponent.SECRETS_SERVER in components:
        info('Deploying Secrets Server')
        deploy_secrets_server(
            config_set_name=config_set_name,
        )

    if LandscapeComponent.CONCOURSE in components:
        info('Deploying Concourse')
        deploy_or_upgrade_concourse(
            config_set_name=config_set_name,
            deployment_name=concourse_deployment_name,
            timeout_seconds=timeout_seconds,
        )

    if LandscapeComponent.WHD in components:
        info('Deploying Webhook Dispatcher')
        deploy_or_upgrade_webhook_dispatcher(
            config_set_name=config_set_name,
            chart_dir=webhook_dispatcher_chart_dir,
            deployment_name=webhook_dispatcher_deployment_name,
        )

    if LandscapeComponent.CLAMAV in components:
        info('Deploying ClamAV')
        deploy_or_upgrade_clamav(
            config_set_name=config_set_name,
        )

    if LandscapeComponent.GARDENLINUX_CACHE in components:
        info('Deploying Gardenlinux Cache')
        deploy_or_upgrade_gardenlinux_cache(
            config_set_name=config_set_name,
            chart_dir=gardenlinux_cache_chart_dir,
            deployment_name=gardenlinux_cache_deployment_name,
        )

    if LandscapeComponent.WHITESOURCE_BACKEND in components:
        info('Deploying Whitesource Backend')
        # Forward only the options that carry a value, so the callee's own
        # defaults apply to the rest.
        optional_args = {
            'deployment_name': whitesource_backend_deployment_name,
            'whitesource_cfg_name': whitesource_cfg_name,
            'chart_dir': whitesource_backend_chart_dir,
        }
        extra_args = {key: value for key, value in optional_args.items() if value}

        deploy_or_upgrade_whitesource_api_extension(
            config_set_name=config_set_name,
            **extra_args,
        )
def deploy_monitoring_landscape(
    cfg_set: ConfigurationSet,
    cfg_factory: ConfigFactory,
):
    '''Install the monitoring charts and expose them through two ingresses.

    Installs kube-state-metrics and prometheus-postgres-exporter into the
    namespace named by the monitoring config, creates a basic-auth secret
    there from the monitoring credentials, and then replaces or creates one
    ingress per service. Both ingresses reference the basic-auth secret and
    the TLS secret name from the monitoring config.
    '''
    kubernetes_cfg = cfg_set.kubernetes()
    concourse_cfg = cfg_set.concourse()
    ingress_cfg = cfg_set.ingress(concourse_cfg.ingress_config())

    # Set the global context to the cluster specified in KubernetesConfig
    kube_ctx.set_kubecfg(kubernetes_cfg.kubeconfig())
    ensure_cluster_version(kubernetes_cfg)

    # The Concourse config names which monitoring config to use.
    monitoring_cfg = cfg_factory.monitoring(concourse_cfg.monitoring_config())
    namespace = monitoring_cfg.namespace()

    # kube-state-metrics
    ksm_values = create_kube_state_metrics_helm_values(
        monitoring_cfg=monitoring_cfg
    )
    execute_helm_deployment(
        kubernetes_cfg,
        namespace,
        'stable/kube-state-metrics',
        'kube-state-metrics',
        ksm_values,
    )

    # postgresql exporter
    exporter_values = create_postgresql_helm_values(
        concourse_cfg=concourse_cfg,
        cfg_factory=cfg_factory,
    )
    execute_helm_deployment(
        kubernetes_cfg,
        namespace,
        'stable/prometheus-postgres-exporter',
        'prometheus-postgres-exporter',
        exporter_values,
    )

    # Ingresses for kube-state-metrics and the postgresql exporter
    tls_secret = monitoring_cfg.tls_secret_name()
    basic_auth_secret = monitoring_cfg.basic_auth_secret_name()

    info(
        'Creating basic-auth-secret in monitoring namespace for '
        'kube-state-metrics and postgresql...'
    )
    # User and password are read from the monitoring config.
    credentials = BasicAuthCred(
        user=monitoring_cfg.basic_auth_user(),
        password=monitoring_cfg.basic_auth_pwd()
    )
    create_basic_auth_secret(
        secret_name=basic_auth_secret,
        namespace=namespace,
        basic_auth_cred=credentials,
    )

    # Two ingress objects are needed because nginx-ingress does not support rewrites
    # for multiple paths unless the premium version is used.
    # NOTE: only one ingress should use gardener-managed dns. Otherwise the
    # dns-controller will periodically complain that the dns-entry is busy, as both
    # ingresses share the same host.
    ingress_helper = kube_ctx.ingress_helper()

    info('Create ingress for kube-state-metrics')
    ksm_ingress = generate_monitoring_ingress_object(
        basic_auth_secret_name=basic_auth_secret,
        tls_secret_name=tls_secret,
        namespace=namespace,
        external_url=monitoring_cfg.external_url(),
        ingress_host=monitoring_cfg.ingress_host(),
        service_name=monitoring_cfg.kube_state_metrics().service_name(),
        service_port=monitoring_cfg.kube_state_metrics().service_port(),
        ingress_config=ingress_cfg,
        managed_dns=True,
    )
    ingress_helper.replace_or_create_ingress(namespace, ksm_ingress)

    info('Create ingress for postgres-exporter')
    exporter_ingress = generate_monitoring_ingress_object(
        basic_auth_secret_name=basic_auth_secret,
        tls_secret_name=tls_secret,
        namespace=namespace,
        external_url=monitoring_cfg.external_url(),
        ingress_host=monitoring_cfg.ingress_host(),
        service_name=monitoring_cfg.postgresql_exporter().service_name(),
        service_port=monitoring_cfg.postgresql_exporter().service_port(),
        ingress_config=ingress_cfg,
        managed_dns=False,
    )
    ingress_helper.replace_or_create_ingress(namespace, exporter_ingress)