Skip to content

Commit

Permalink
Enable HashiCups to be installed via the consul-k8s CLI (#6)
Browse files Browse the repository at this point in the history
* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

* Adding upgrade functionality for cloud preset.

* remove manual upgrade test

* Embed hashicups demo helm chart and expose demo falg to install it.

* fixing rebase conflicts in install.go

* rename demo preset to quickstart preset

* adding missing quickstart.go file

* enable handling dry runof both consul and consul demo app.

* modify hashicups deployments so that theyhave the consul.hashicorp.com/connect-inject annotation set to true so that they are automatically opted into the service mesh

* making namespace dynamic in demo helm charts.

* name for demo helm chart to consul-demo

* basic uninstall working

* refactor install and uninstall to re-use functions and components.

* replace instance of Consul Demo with use of constant.

* using --namespace instead of -n on port forwad command.  capitalizing Accessing Consul Demo Applidation UI.

* removing remnant test

* correcting mergeconflict

* removing temporary test

* tests for install

* fix issue bypassing the correct release name for consul-demo

* use interface and mocks for helm actions and add tests.

* Adding tests for install and uninstall

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* CHANGELOG: formatting and missing links (#1467)

* release 0.48.0 (#1473)

* release 0.48.0
* update envoy version to 1.23.1

* put main back into dev (#1476)

* added notes hashicup helm docs

* CHANGELOG: formatting and missing links (#1467)

* release 0.48.0 (#1473)

* release 0.48.0
* update envoy version to 1.23.1

* put main back into dev (#1476)

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
  • Loading branch information
4 people committed Sep 28, 2022
1 parent 678d4d6 commit a280c49
Show file tree
Hide file tree
Showing 23 changed files with 1,669 additions and 636 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,10 @@ IMPROVEMENTS:

## 0.48.0 (September 01, 2022)

## 0.48.0 (September 01, 2022)

## 0.48.0 (September 01, 2022)

FEATURES:
* MaxInboundConnections in service-defaults CRD
* Add support for MaxInboundConnections on the Service Defaults CRD. [[GH-1437](https://github.com/hashicorp/consul-k8s/pull/1437)]
Expand Down
23 changes: 23 additions & 0 deletions charts/demo/.helmignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
24 changes: 24 additions & 0 deletions charts/demo/Chart.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
apiVersion: v2
name: consul-demo
description: A Helm chart for Consul demo app

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.1.0"
116 changes: 116 additions & 0 deletions charts/demo/templates/frontend.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
# WARNING: The HashiCups files have been copied directly from
# https://github.com/hashicorp/learn-consul-kubernetes/tree/main/layer7-observability/hashicups
# Any modifications begin with the comment # BEGIN CONSUL-K8S MODIFICATION
# and end with the comment # BEGIN CONSUL-K8S MODIFICATION.
# If keeping these files manually up to date with their upstream source,
# the files will need to be copied from the above repo and transferred here.
# Once transferred, all modifications will need to be reapplied.
---
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
app: frontend
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 80
selector:
app: frontend
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: frontend
automountServiceAccountToken: true
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
name: frontend
spec:
protocol: "http"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configmap
data:
config: |
# /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# Proxy pass the api location to save CORS
# Use location exposed by Consul connect
location /api {
# BEGIN CONSUL-K8S MODIFICATION
proxy_pass http://public-api.{{ .Release.Namespace }}.svc.cluster.local:8080;
# END CONSUL-K8S MODIFICATION
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
spec:
replicas: 1
selector:
matchLabels:
service: frontend
app: frontend
template:
metadata:
labels:
service: frontend
app: frontend
# BEGIN CONSUL-K8S MODIFICATION
annotations:
'consul.hashicorp.com/connect-inject': 'true'
# END CONSUL-K8S MODIFICATION
spec:
serviceAccountName: frontend
volumes:
- name: config
configMap:
name: nginx-configmap
items:
- key: config
path: default.conf
containers:
- name: frontend
image: hashicorpdemoapp/frontend:v0.0.3
ports:
- containerPort: 80
volumeMounts:
- name: config
mountPath: /etc/nginx/conf.d
readOnly: true
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
name: frontend-to-public-api
spec:
destination:
name: public-api
sources:
- name: frontend
action: allow
76 changes: 76 additions & 0 deletions charts/demo/templates/postgres.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
# WARNING: The HashiCups files have been copied directly from
# https://github.com/hashicorp/learn-consul-kubernetes/tree/main/layer7-observability/hashicups
# Any modifications begin with the comment # BEGIN CONSUL-K8S MODIFICATION
# and end with the comment # BEGIN CONSUL-K8S MODIFICATION.
# If keeping these files manually up to date with their upstream source,
# the files will need to be copied from the above repo and transferred here.
# Once transferred, all modifications will need to be reapplied.
---
apiVersion: v1
kind: Service
metadata:
name: postgres
labels:
app: postgres
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
selector:
app: postgres
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: postgres
automountServiceAccountToken: true
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
name: postgres
spec:
protocol: tcp
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres
spec:
replicas: 1
selector:
matchLabels:
service: postgres
app: postgres
template:
metadata:
labels:
service: postgres
app: postgres
# BEGIN CONSUL-K8S MODIFICATION
annotations:
'consul.hashicorp.com/connect-inject': 'true'
# END CONSUL-K8S MODIFICATION
spec:
serviceAccountName: postgres
containers:
- name: postgres
image: hashicorpdemoapp/product-api-db:v0.0.11
ports:
- containerPort: 5432
env:
- name: POSTGRES_DB
value: products
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_PASSWORD
value: password
# only listen on loopback so only access is via connect proxy
args: ["-c", "listen_addresses=127.0.0.1"]
volumeMounts:
- mountPath: "/var/lib/postgresql/data"
name: "pgdata"
volumes:
- name: pgdata
emptyDir: {}
108 changes: 108 additions & 0 deletions charts/demo/templates/product-api.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
# WARNING: The HashiCups files have been copied directly from
# https://github.com/hashicorp/learn-consul-kubernetes/tree/main/layer7-observability/hashicups
# Any modifications begin with the comment # BEGIN CONSUL-K8S MODIFICATION
# and end with the comment # BEGIN CONSUL-K8S MODIFICATION.
# If keeping these files manually up to date with their upstream source,
# the files will need to be copied from the above repo and transferred here.
# Once transferred, all modifications will need to be reapplied.
---
apiVersion: v1
kind: Service
metadata:
name: product-api
spec:
selector:
app: product-api
ports:
- name: http
protocol: TCP
port: 9090
targetPort: 9090
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: product-api
automountServiceAccountToken: true
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
name: product-api
spec:
protocol: "http"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: db-configmap
data:
config: |
{
# BEGIN CONSUL-K8S MODIFICATION
"db_connection": "host=postgres.{{ .Release.Namespace }}.svc.cluster.local port=5432 user=postgres password=password dbname=products sslmode=disable",
# END CONSUL-K8S MODIFICATION
"bind_address": ":9090",
"metrics_address": ":9103"
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-api
labels:
app: product-api
spec:
replicas: 1
selector:
matchLabels:
app: product-api
template:
metadata:
labels:
app: product-api
# BEGIN CONSUL-K8S MODIFICATION
annotations:
'consul.hashicorp.com/connect-inject': 'true'
# END CONSUL-K8S MODIFICATION
spec:
serviceAccountName: product-api
volumes:
- name: config
configMap:
name: db-configmap
items:
- key: config
path: conf.json
containers:
- name: product-api
image: hashicorpdemoapp/product-api:v0.0.12
ports:
- containerPort: 9090
- containerPort: 9103
env:
- name: "CONFIG_FILE"
value: "/config/conf.json"
livenessProbe:
httpGet:
path: /health
port: 9090
initialDelaySeconds: 15
timeoutSeconds: 1
periodSeconds: 10
failureThreshold: 30
volumeMounts:
- name: config
mountPath: /config
readOnly: true
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
name: product-api-to-postgres
spec:
destination:
name: postgres
sources:
- name: product-api
action: allow
Loading

0 comments on commit a280c49

Please sign in to comment.