Cr 4204 helm values (#649)

Helm value flag for hybrid agent installation.

Author: yuri-denysenko-codefresh

lib/interface/cli/commands/hybrid/init.cmd.js

@@ -1,4 +1,6 @@
 /* eslint-disable max-len */
+const fs = require('fs');
+
 const Command = require('../../Command');
 const runnerRoot = require('../root/runner.cmd');
 const inquirer = require('inquirer');
@@ -36,13 +38,14 @@ const {
     INSTALLATION_DEFAULTS,
 } = require('./helper');
 const InstallationPlan = require('./InstallationPlan');
+const { produceVenonaKeys } = require('./key-helper');
 const { array } = require('yargs');
 
 const defaultDockerRegistry = 'quay.io';
 const handleError = createErrorHandler(`\nIf you had any issues with the installation please report them at: ${colors.blue('https://github.com/codefresh-io/cli/issues/new')}`);
 
 async function isNewAccount() {
-    const [pipelines, err] = await to(sdk.pipelines.list({ }));
+    const [pipelines, err] = await to(sdk.pipelines.list({}));
     if (!err && _.isArray(_.get(pipelines, 'docs'))) {
         return !pipelines.docs.length;
     }
@@ -61,6 +64,7 @@ function printInstallationOptionsSummary({
     appProxy,
     appProxyHost,
     dryRun,
+    shouldUseHelm,
 }) {
     let summary = `\n${colors.green('Installation options summary:')} 
     1. Kubernetes Context: ${colors.cyan(kubeContextName)}
@@ -78,6 +82,9 @@ function printInstallationOptionsSummary({
     if (dryRun) {
         summary += '**** running in dry-run mode ****';
     }
+    if (shouldUseHelm) {
+        summary += '**** running in helm values generation mode ****';
+    }
     console.log(summary);
 }
 
@@ -104,6 +111,10 @@ const initCmd = new Command({
         .option('url', {
             describe: 'Codefresh system custom url',
         })
+        .option('generate-helm-values-file', {
+            describe: 'Path to the new generated helm values file',
+            type: 'string',
+        })
         .option('kube-context-name', {
             describe: 'Name of the Kubernetes context on which runner should be installed [$CF_ARG_KUBE_CONTEXT_NAME]',
         })
@@ -246,6 +257,7 @@ const initCmd = new Command({
         const {
             'kube-node-selector': kubeNodeSelector,
             'build-node-selector': buildNodeSelector,
+            'generate-helm-values-file': helmValuesFile,
             tolerations,
             'kube-config-path': kubeConfigPath,
             'storage-class-name': storageClassName,
@@ -274,6 +286,9 @@ const initCmd = new Command({
             'dry-run': dryRun,
             'bypass-download': bypassDownload
         } = _argv;
+
+        const shouldUseHelm = !!helmValuesFile;
+
         let {
             'kube-context-name': kubeContextName,
             'kube-namespace': kubeNamespace,
@@ -303,6 +318,10 @@ const initCmd = new Command({
         httpsProxy = httpsProxy || detectedProxyVars.httpsProxy;
         noProxy = noProxy || detectedProxyVars.noProxy;
 
+        if (shouldUseHelm) {
+            shouldExecutePipeline = false;
+        }
+
         if (noQuestions) {
             // use defaults
             kubeContextName = kubeContextName || getKubeContext(kubeConfigPath);
@@ -420,6 +439,7 @@ const initCmd = new Command({
             appProxy,
             appProxyHost,
             dryRun,
+            shouldUseHelm,
         });
 
         if (token) {
@@ -538,6 +558,7 @@ const initCmd = new Command({
             },
             installationEvent: installationProgress.events.AGENT_INSTALLED,
             executeOnDryRun: true,
+            condition: !shouldUseHelm,
         });
 
         // generate new runtime name
@@ -709,6 +730,7 @@ const initCmd = new Command({
             },
             installationEvent: installationProgress.events.RUNTIME_INSTALLED,
             executeOnDryRun: true,
+            condition: !shouldUseHelm,
         });
 
         installationPlan.addStep({
@@ -733,7 +755,7 @@ const initCmd = new Command({
                 installationPlan.addContext('appProxyIP', `${appProxyUrl}`);
             },
             installationEvent: installationProgress.events.APP_PROXY_INSTALLED,
-            condition: !!appProxy,
+            condition: !!appProxy && !shouldUseHelm,
             executeOnDryRun: true,
         });
 
@@ -751,7 +773,13 @@ const initCmd = new Command({
                 await sdk.runtimeEnvs.update({ name: reName }, _.merge(re, body));
                 console.log(`Runtime environment "${colors.cyan(reName)}" has been updated with the app proxy`);
             },
-            condition: async () => installationPlan.getContext('appProxyIP'),
+            condition: async () => {
+                if (shouldUseHelm) {
+                    return false;
+                }
+
+                return installationPlan.getContext('appProxyIP');
+            },
         });
 
         // update agent with new runtime
@@ -802,6 +830,7 @@ const initCmd = new Command({
             },
             installationEvent: installationProgress.events.RUNNER_INSTALLED,
             executeOnDryRun: true,
+            condition: !shouldUseHelm,
         });
 
         // install monitoring
@@ -829,6 +858,10 @@ const initCmd = new Command({
             installationEvent: installationProgress.events.MONITOR_INSTALLED,
             executeOnDryRun: true,
             condition: async () => {
+                if (shouldUseHelm) {
+                    return false;
+                }
+
                 if (!installMonitor) {
                     return false;
                 }
@@ -842,10 +875,47 @@ const initCmd = new Command({
             },
         });
 
+        // helm value files if its enabled
+        installationPlan.addStep({
+            name: 'generate helm value files',
+            func: async () => {
+                const runtimeNameContext = installationPlan.getContext('runtimeName');
+                const agent = installationPlan.getContext('agent');
+
+                const keys = await produceVenonaKeys(
+                    _.get(sdk, 'config.context.token'),
+                    kubeNamespace,
+                );
+
+                const global = {
+                    namespace: kubeNamespace,
+                    codefreshHost: sdk.config.context.url,
+                    agentToken: agent.token,
+                    agentId: agent.id,
+                    agentName: agent.name,
+                    accountId: agent.account,
+                    runtimeName: runtimeNameContext,
+                    keys,
+                };
+
+                const content = JSON.stringify({ global }, null, 4);
+
+                fs.writeFileSync(
+                    helmValuesFile,
+                    content,
+                    {
+                        encoding: 'utf8',
+                    },
+                );
+            },
+            condition: shouldUseHelm,
+        });
+
         // Post Installation
         if (shouldExecutePipeline) {
             const pipelines = await sdk.pipelines.list({ id: `${INSTALLATION_DEFAULTS.PROJECT_NAME}/${INSTALLATION_DEFAULTS.DEMO_PIPELINE_NAME}` });
             const testPipelineExists = !!_.get(pipelines, 'docs.length');
+
             if (!testPipelineExists) {
                 installationPlan.addStep({
                     name: 'create test pipeline',
@@ -876,6 +946,7 @@ const initCmd = new Command({
                     exitOnError: false,
                 });
             }
+
             installationPlan.addStep({
                 name: 'execute test pipeline',
                 func: async () => {
@@ -891,9 +962,12 @@ const initCmd = new Command({
 
         await installationPlan.execute();
 
-        console.log(colors.green('\nRunner Status:'));
-        await getAgents.handler({});
-        console.log('');
+        if (!shouldUseHelm) {
+            console.log(colors.green('\nRunner Status:'));
+            await getAgents.handler({});
+            console.log('');
+        }
+
         if (installMonitor) {
             console.log(`Go to ${colors.blue('https://g.codefresh.io/kubernetes/services/')} to view your cluster in Codefresh dashbaord`);
         }

lib/interface/cli/commands/hybrid/key-helper.js

@@ -0,0 +1,82 @@
+const forge = require('node-forge');
+const rp = require('request-promise');
+const AdmZip = require('adm-zip');
+
+const sdk = require('../../../../logic/sdk');
+// eslint-disable-next-line prefer-destructuring
+const pki = forge.pki;
+// eslint-disable-next-line prefer-destructuring
+const rsa = pki.rsa;
+
+const defaultCertCN = 'docker.codefresh.io';
+
+function generateKeys() {
+    return new Promise((resolve, reject) => {
+        function keyGenerated(err, { publicKey, privateKey }) {
+            if (err) {
+                reject(err);
+                return;
+            }
+
+            const csr = pki.createCertificationRequest();
+            csr.publicKey = publicKey;
+            csr.setSubject([{
+                name: 'commonName',
+                value: defaultCertCN,
+            }]);
+            csr.sign(privateKey);
+
+            resolve({
+                key: pki.privateKeyToPem(privateKey),
+                csr: pki.certificationRequestToPem(csr),
+            });
+        }
+
+        rsa.generateKeyPair({
+            bits: 2048,
+        }, keyGenerated);
+    });
+}
+
+function extractZipCerts(zip) {
+    const data = {};
+    const admZip = new AdmZip(zip);
+    admZip.forEach(e => {
+        if (e.entryName === 'cf-ca.pem') {
+            data.ca = admZip.readAsText(e);
+        }
+        if (e.entryName === 'cf-server-cert.pem') {
+            data.serverCert = admZip.readAsText(e);
+        }
+    });
+    return data;
+}
+
+async function produceVenonaKeys(namespace) {
+    const keys = await generateKeys();
+    const body = JSON.stringify({
+        reqSubjectAltName: `IP:127.0.0.1,DNS:dind,DNS:*.dind.${namespace},DNS:*.dind.${namespace}.svc,DNS:*.cf-cd.com,DNS:*.codefresh.io`,
+        csr: keys.csr,
+    });
+
+    const zip = await rp.post({
+        uri: `${sdk.config.context.url}/api/custom_clusters/signServerCerts`,
+        body,
+        encoding: null,
+        headers: {
+            'Content-type': 'application/json',
+            Authorization: sdk.config.context.token,
+        },
+    });
+
+    const allKeys = {
+        ...keys,
+        ...extractZipCerts(zip),
+    };
+
+    return allKeys;
+}
+
+module.exports = {
+    produceVenonaKeys,
+};

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codefresh",
-  "version": "0.75.13",
+  "version": "0.75.14",
   "description": "Codefresh command line utility",
   "main": "index.js",
   "preferGlobal": true,
@@ -31,6 +31,7 @@
   },
   "dependencies": {
     "@codefresh-io/docker-reference": "^0.0.5",
+    "adm-zip": "^0.5.5",
     "ajv": "^6.6.1",
     "bluebird": "^3.5.1",
     "cf-errors": "^0.1.12",
@@ -61,6 +62,7 @@
     "mkdirp": "^0.5.1",
     "moment": "^2.19.4",
     "mongodb": "^3.0.1",
+    "node-forge": "^0.10.0",
     "ora": "^3.0.0",
     "prettyjson": "^1.2.1",
     "promise-retry": "^2.0.1",
@@ -76,6 +78,7 @@
     "yargs-parser": "^13.0.0"
   },
   "devDependencies": {
+    "@types/node-forge": "^0.9.7",
     "eslint": "^4.11.0",
     "eslint-config-airbnb-base": "^12.1.0",
     "eslint-plugin-import": "^2.8.0",

yarn.lock

@@ -128,6 +128,13 @@
   resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.4.tgz#38fd73ddfd9b55abb1e1b2ed578cb55bd7b7d339"
   integrity sha512-8+KAKzEvSUdeo+kmqnKrqgeE+LcA0tjYWFY7RPProVYwnqDjukzO+3b6dLD56rYX5TdWejnEOLJYOIeh4CXKuA==
 
+"@types/node-forge@^0.9.7":
+  version "0.9.7"
+  resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-0.9.7.tgz#948f7b52d352a6c4ab22d3328c206f0870672db5"
+  integrity sha512-AX7Mqk5ztzSvxqsA/q8y0k0/znJpW6QAqnoLQMEi7A3tio+laRmC/8Q3gbATHT4kZnvhnDmGAy1CpWFzlzCfeA==
+  dependencies:
+    "@types/node" "*"
+
 "@types/node@*":
   version "14.0.1"
   resolved "https://registry.yarnpkg.com/@types/node/-/node-14.0.1.tgz#5d93e0a099cd0acd5ef3d5bde3c086e1f49ff68c"
@@ -230,6 +237,11 @@ acorn@^6.0.1:
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.4.1.tgz#531e58ba3f51b9dacb9a6646ca4debf5b14ca474"
   integrity sha512-ZVA9k326Nwrj3Cj9jlh3wGFutC2ZornPNARZwsNYqQYgN0EsV2d53w5RN/co65Ohn4sUAUtb1rSUAOD6XN9idA==
 
+adm-zip@^0.5.5:
+  version "0.5.5"
+  resolved "https://registry.yarnpkg.com/adm-zip/-/adm-zip-0.5.5.tgz#b6549dbea741e4050309f1bb4d47c47397ce2c4f"
+  integrity sha512-IWwXKnCbirdbyXSfUDvCCrmYrOHANRZcc8NcRrvTlIApdl7PwE9oGcsYvNeJPAVY1M+70b4PxXGKIf8AEuiQ6w==
+
 aggregate-error@^3.0.0:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/aggregate-error/-/aggregate-error-3.0.1.tgz#db2fe7246e536f40d9b5442a39e117d7dd6a24e0"
@@ -3984,6 +3996,11 @@ node-fetch@2.6.1:
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052"
   integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==
 
+node-forge@^0.10.0:
+  version "0.10.0"
+  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
+  integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==
+
 node-int64@^0.4.0:
   version "0.4.0"
   resolved "https://registry.yarnpkg.com/node-int64/-/node-int64-0.4.0.tgz#87a9065cdb355d3182d8f94ce11188b825c68a3b"