Add bootstrap command for gitops cli to bootstrap WGE #3371
cmd.Flags().StringVarP(&flags.username, "username", "u", "", "Dashboard admin username") | ||
cmd.Flags().StringVarP(&flags.password, "password", "p", "", "Dashboard admin password") | ||
cmd.Flags().StringVarP(&flags.version, "version", "v", "", "Weave GitOps Enterprise version to install") | ||
cmd.Flags().StringVarP(&flags.domainType, "domain-type", "t", "", "dashboard domain type: could be 'localhost' or 'externaldns'") |
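Review bot: The `--password`/`-p` flag takes the dashboard admin password as a plain command-line argument, so it lands in shell history and is readable from the process list while the command runs. Prefer reading it from an environment variable, a file or stdin when the prompt is skipped, and mention that in the flag help text. Separately, `-v` as the shorthand for `--version` will surprise users who expect it to mean verbose, and the `domain-type` help names 'localhost' and 'externaldns' while nothing in these lines rejects other values, so validate the value where it is read.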
pending:
- security assessment
- expose and ingress comments
- portforward and exit for localhost
follow-ups:
- onboarding CLI: add export modes #3420
- bootstrap cli: add mode to use defaults / non-interactive mode #3465
- do we think we benefit from also dry-run?
- increase unit testing
- reduce integration test cases
- support for https
- config refactor -> bootstrap package and modular for better encapsulation
- consolidate domain steps into one Add bootstrap command for gitops cli to bootstrap WGE #3371 (comment)
- should we consider success messages outputs or just resources ?
- if we still doing portforward to see whether we could do it via library instead of kubectl
- document why we don't use `go-scm` as other parts of WGE?
- enable to bootstrap in not flux-system (more info Add bootstrap command for gitops cli to bootstrap WGE #3371 (comment))
- review error management design and consistency: we have in the internal docs but we would need to review
- flux bootstrapped in a different ns and without a different kustomization?
- logging: ensure logging consistency according to the design docs.
- a single ubiquitous bootstrapping workflow that anyone could understand and trace into different ways of delivery - this should update docs and code - background https://weaveworks.slack.com/archives/C05HC9R4DUG/p1697031941093009
- handle scenario where wge is already bootstrapped
- follow up: document why we dont use go-scm as other parts of WGE?
- https://github.com/weaveworks/weave-gitops-enterprise/pull/3371/files#r1355099766
- simplify kube config https://github.com/weaveworks/weave-gitops-enterprise/pull/3371/files#r1347498881
- align path where wge is commented with cx expectations
- flag to reuse credentials (or might be just default)
- RBAC for admin user where no `wego-admin` but `admin`
Last part of the review where I could execute the bootstrap. Comments added and here the full output
➜ weave-gitops-enterprise git:(3165-onboarding-cli) ✗ go run cmd/gitops/main.go bootstrap <aws:sts>
► Creating client to cluster
✔ Created client to cluster kind-cli
◎ Verifying Weave GitOps Entitlement File
✔ entitlement file exists and is valid
◎ Checking Flux is bootstrapped
► Verifying flux installation
✔ Flux is installed
► Verifying flux reconcillation
✔ Flux is bootstrapped
◎ Private key path and password
Disclaimer: private key will be used to push WGE resources into the default repository only. It won't be stored or used anywhere else for any reason.
Private key path: /Users/enekofb/.ssh/id_ed25519
Private key password:
◎ Select WGE Version
✔ 0.33.0
✔ Selected version 0.33.0
◎ User Authentication
dashboard admin username (default: wego-admin): wego-admin
dashboard admin password (Minimum characters: 6):
► Dashboard admin username: wego-admin
✔ Admin login credentials has been created successfully!
► Creating secret: 'flux-system/cluster-user-auth'
✔ Created secret 'flux-system/cluster-user-auth'
◎ Dashboard access
✔ external DNS
✔ Dashboard access domain: external DNS
◎ Install Weave Gitops Enterprise
Please make sure to have the external DNS service installed in your cluster, or you have a domain that points to your cluster.
For more information about external DNS, please refer to: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring.html
Please enter your cluster domain: mydomain.com
► Installing v0.33.0 ... It may take a few minutes.
► Rendering HelmRepository file
► Rendered HelmRepository file
► Rendering HelmRelease file
► Rendered HelmRelease file
► Writing file to repo: 'wge-hrepo.yaml'
► Cloning flux git repo: 'flux-system/flux-system'
✔ Cloned flux git repo: 'flux-system/flux-system'
✔ File 'wge-hrepo.yaml' is written to repo: 'flux-system'
◎ Reconciling changes
✔ Changes are reconciled successfully!
► Writing file to repo: 'wge-hrelease.yaml'
► Cloning flux git repo: 'flux-system/flux-system'
✔ Cloned flux git repo: 'flux-system/flux-system'
✔ File 'wge-hrelease.yaml' is written to repo: 'flux-system'
◎ Reconciling changes
✔ Changes are reconciled successfully!
◎ Preparing dashboard domain
✔ WGE v0.33.0 is installed successfully
You can visit the UI at https://mydomain.com/
* reviewed documentation
* updated docs with waleed input
* reviewed TBD
* latest set of changes
* removing commented
* remove debugging
* removed stale documentation
* removed white space
* review
* removed unused
Awesome work @waleedhammam @Samra10
Let's kick internal feedback ball rolling and keep iterating
Here the link to the pending items and follow ups
* init gitops bootstrap command for wge
* add checks for entitlement and flux
* Add wge version choice list
* add create admin username and password secret
* add install wge
* fix adding admin password
* fix linting
* run go mod tidy
* enable ingress
* add domain type selector
* add option to bootstrap flux
* adjust bootstrapping flux and domain
* add install extra controllers
* fix lint
* rename package checks to commands
* refactor packages
* early exit
* refactor errors and add utils for git repos
* refactor wge installation to use files
* refactor extra controllers
* remove extra unneeded values
* Add OIDC
* update portforward
* add admin password revert
* refactor error handling
* fix unhandled errors
* refactor creating helmrepos and helmreleases
* refactor styling
* go mod tidy
* split utils
* Add OIDC
* refactor creating extra controllers
* move install extra controller to commands
* add oidc
* Add OIDC
* install capi controller
* add terraform controller
* refactor OIDC cli
* fix linting
* fix linting
* fix lint
* fix lint
* update OIDC CLI
* handle error msgs
* move check mark to method
* reformat error
* cleanup
* update CLI OIDC
* fix confirm input
* type
* Add localhost portforward info
* add gitopssets controller
* enable pipelines controller and cluster-controller and gitopssets by default
* remove gitops sets
* handle existing secrets
* Update onboarding CLI messages
* cleanup utils
* cleanup utils
* cleanup domain
* cleanup utils
* cleanup input
* cleanup input
* edit messages and variableNames
* update cli messages
* cleanup variables
* cleanup constants
* cleanup constants
* add unit test for k8s utils and refactor accordingly
* add unit tests for flux
* add unit test for admin password
* Add unit-test for adding capi & policy-agent
* move controllers under gitops add
* add unit test for wge version
* test oidc get issuer
* Move controllers under gitops add
* Move controllers under gitops add
* pause add controllers tests
* restore install controller function after setup
* fix controllers
* pass opts to controllers
* refactor git utilities
* refactor git utilities
* prepare bootstrap command for release1
* address messages and language
* clean extra variables
* remove oidc flow to another branch
* Update cmd/gitops/app/bootstrap/cmd.go
  Co-authored-by: Eneko Fernández <[email protected]>
* Update cmd/gitops/app/bootstrap/cmd.go
  Co-authored-by: Eneko Fernández <[email protected]>
* refactor git utility & add unit-test
* remove out of scope components
* apply code review comments to refactor file names and error messages
* move bootstrap package under pkg
* refactor using the k8s client and add silent mode refactor git utils
* fix admin password
* verify username and password
* remove unused methods
* fix spelling
* remove aws related stuff
* use git library add check for previous installation
* fix lint
* improve error messages to stage failures
* adjust gitopssets values and installation checks
* clean silent mode
* add checks for kubeconfig
* adjust admin password
* refactor commands to use config interface struct
* improve error messages
* remove unused variable
* wip adding cli design doc
* wip adding cli design doc
* add error guidance
* rename config to bootstrapper to be more clear
* refactor commands to use steps pattern
* continue on refactor commands to use steps pattern
* fix ssh authenticate by explicitly asking for private key file in case the key is not loaded in ssh agent. this usually happens on macos
* added integration test, refactored configuration and design (#3458)
* Changes after the review to enhance the following aspects
  Testing:
  - Added integration test so we could test the functionality e2e: it uses some local configuration that we need to test but already provides the acceptance layer that we were missing:
  Design:
  - Bootstrap workflow moved to the domain layer within `pkg` so it could be presented in different forms.
  - Integrated configuration chain of responsibility into a single builder pattern, so we have configurability in this layer. As a result:
    - we don't need to pass the flags to the steps
    - we config the steps before the workflow is executed which seems the right moment.
  Other refactors:
  - Moved steps to package `steps` from `command` for consistency
* integrated ssh key management
* add events and error messages and fix domain bug
* add current context
* fix lint
* add entitlement expiration message
* fix entitlement expiration
* fix entitlement expiration
* separate entitlement secret validations
* add messages for flux
* edit messages to small letter and update success messages
* add validation for password and wge version
* add test cases for admin password create creds
* add test cases for domain type
* update entitlement test
* add validation on password input
* remove aws related message
* panic in case of casting error to give more context about the error
* handle portforward and error messages
* fix external dns spacing
* add validation on domain type
* Cli eneko review (#3474)
* reviewed documentation
* updated docs with waleed input
* reviewed TBD
* latest set of changes
* removing commented
* remove debugging
* removed stale documentation
* removed white space
* review
* removed unused

---------

Co-authored-by: Ahmad Samir <[email protected]>
Co-authored-by: Eneko Fernández <[email protected]>
Co-authored-by: Eneko Fernandez <[email protected]>
Namespace: namespace, | ||
}, | ||
} | ||
err := client.Delete(context.Background(), secret, &k8s_client.DeleteOptions{}) |
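Review bot: In the `client.Delete` call, a secret that is already gone comes back as a NotFound error, which makes a repeated or retried run fail on cleanup. If this helper is meant to be safe to re-run, filter the result with `k8s_client.IgnoreNotFound(err)` before returning it, and say in the function comment which behaviour callers get.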
You don't need to pass in the `DeleteOptions` here?
Data: data, | ||
} | ||
|
||
err := client.Create(context.Background(), secret, &k8s_client.CreateOptions{}) |
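Review bot: `client.Create` is called with `context.Background()`, so the caller cannot cancel the request or give it a deadline, and an interrupted or hung bootstrap run keeps waiting on the API server. Take a `context.Context` parameter in this helper and pass it through; the secret delete helper in this PR has the same pattern.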
You don't need to pass CreateOptions here?
|
||
// getCurrentKubeConfig checks for active kubeconfig by the following priority: | ||
// passed as cli argument, KUBECONFIG env variable and finally $HOME/.kube/config | ||
func getCurrentKubeConfig(kubeconfig string) (string, error) { |
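Review bot: The doc comment on `getCurrentKubeConfig` gives the lookup order but does not say what the returned string is, or what happens when `KUBECONFIG` holds several paths joined by the OS path-list separator, which kubectl accepts. Document the return value and either handle the list form or state that only a single path is supported.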
Any reason not to use https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/client/config#GetConfig ?
thanks for the comment, there's a follow-up ticket to this PR here that we will address this point in
Closes #3406
What changed?
Why was this change made?
How was this change implemented?
How did you validate the change?
Release notes
Documentation Changes
https://docs.google.com/document/d/1FDjwwBj0o-uLNVIjSjcBF9FB6sckFVEi-wAcB8nFpdk/edit#heading=h.ii0rztj6esmh
Other follow ups