diff --git a/root-applications/ibm-mas-sls-root/templates/100-ibm-sls-app.yaml b/root-applications/ibm-mas-sls-root/templates/100-ibm-sls-app.yaml index 0d84ab00f..c2ab33419 100644 --- a/root-applications/ibm-mas-sls-root/templates/100-ibm-sls-app.yaml +++ b/root-applications/ibm-mas-sls-root/templates/100-ibm-sls-app.yaml @@ -42,6 +42,13 @@ spec: ibm_customer_number: "{{ .Values.ibm_sls_standalone.ibm_customer_number }}" subscription_id: "{{ .Values.ibm_sls_standalone.subscription_id }}" sls_domain: "{{ .Values.ibm_sls_standalone.sls_domain }}" + {{- if .Values.ibm_sls_standalone.dns_provider }} + {{- if eq (lower .Values.ibm_sls_standalone.dns_provider) "cis" }} + dns_provider: "{{ .Values.ibm_sls_standalone.dns_provider }}" + cis_service_name: "{{ .Values.ibm_sls_standalone.cis_service_name }}" + cis_crn: "{{ .Values.ibm_sls_standalone.cis_crn }}" + {{- end }} + {{- end }} argo_namespace: "{{ .Values.argo.namespace }}" sm_aws_access_key_id: "{{ .Values.sm.aws_access_key_id }}" sm_aws_secret_access_key: "{{ .Values.sm.aws_secret_access_key }}" diff --git a/sls-applications/100-ibm-sls/templates/07-ibm-sls-dns_job.yaml b/sls-applications/100-ibm-sls/templates/07-ibm-sls-dns_job.yaml new file mode 100644 index 000000000..410f8df02 --- /dev/null +++ b/sls-applications/100-ibm-sls/templates/07-ibm-sls-dns_job.yaml 
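Review bot: The `cis` branch forwards `cis_service_name` and `cis_crn` without checking that they are set, so a values file with `dns_provider: cis` and no CRN renders `cis_crn: ""` and the mistake only surfaces later, inside the DNS Job. Helm's `required` would fail the render instead, e.g. `cis_crn: "{{ required "cis_crn is required when dns_provider is cis" .Values.ibm_sls_standalone.cis_crn }}"`, and the same for `cis_service_name`. The two nested `if` blocks can also be collapsed into a single `and` condition. The `spec:` block this sits in starts and ends outside the hunk.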
@@ -0,0 +1,157 @@
+
+{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }}
+{{ $aws_secret := "aws"}}
+{{- $_job_name_prefix := "ibm-sls-dns" }}
+{{- $_job_cleanup_group := cat $_job_name_prefix | sha1sum }}
+{{- $_job_config_values := omit .Values "junitreporter" }}
+{{- $_job_version := "v5" }}
+{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }}
+{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}}
+{{- if not (empty .Values.dns_provider) }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $_job_name }}
+ namespace: mas-{{ .Values.ibm_customer_number }}-{{ .Values.subscription_id }}-sls
+ annotations:
+ argocd.argoproj.io/sync-wave: "113"
+ argocd.argoproj.io/sync-options: Force=true
+ labels:
+ mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: "postsync-ibm-sls-update-sm-job"
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: run
+ image: quay.io/ibmmas/cli@{{ $_cli_image_digest }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: ACCOUNT_ID
+ value: {{ .Values.account_id }}
+ - name: CLUSTER_ID
+ value: {{ .Values.cluster_id}}
+ - name: REGION_ID
+ value: {{ .Values.region_id }}
+ - name: ICN
+ value: '{{ .Values.ibm_customer_number }}'
+ - name: SUBSCRIPTION_ID
+ value: '{{ .Values.subscription_id }}'
+ - name: DOMAIN
+ value: '{{ .Values.sls_domain }}'
+ - name: CIS_SERVICE_NAME
+ value: '{{ .Values.cis_service_name }}'
+ - name: CIS_CRN
+ value: '{{ .Values.cis_crn }}'
+ - name: AVP_TYPE
+ value: "aws"
+ - name: IBMCLOUD_HOME
+ value: /tmp/bluemix
+ volumeMounts:
+ - name: aws
+ mountPath: /etc/mas/creds/aws
+ readOnly: true
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+
+ set -e
+
+ echo "Reading AWS credentials..."
+ SM_AWS_ACCESS_KEY_ID=$(cat /etc/mas/creds/aws/aws_access_key_id)
+ SM_AWS_SECRET_ACCESS_KEY=$(cat /etc/mas/creds/aws/aws_secret_access_key)
+
+ export SM_AWS_REGION=${REGION_ID}
+
+ echo $SM_AWS_REGION
+
+
+ source /mascli/functions/gitops_utils
+ sm_login
+
+ echo "Fetching IBM API key from AWS Secrets Manager"
+
+ SECRET_NAME_CIS="${ACCOUNT_ID}/${CLUSTER_ID}/cis"
+
+ SECRET_JSON=$(aws secretsmanager get-secret-value \
+ --secret-id ${SECRET_NAME_CIS} \
+ --query SecretString \
+ --output text)
+
+ echo "Fetching OCP_INGRESS from AWS Secrets Manager"
+
+ export PUBLIC_ELB_DNS_NAME_FILE="/tmp/public-elb-dns-name-file.json"
+ sm_get_secret_file ${ACCOUNT_ID}/${CLUSTER_ID}/public-elb ${PUBLIC_ELB_DNS_NAME_FILE}
+ export OCP_INGRESS=$(jq -r .dns $PUBLIC_ELB_DNS_NAME_FILE)
+
+ IBM_APIKEY=$(echo ${SECRET_JSON} | jq -r '.ibm_apikey')
+
+ if [[ -z "${IBM_APIKEY}" || "${IBM_APIKEY}" == "null" ]]; then
+ echo "Failed to fetch ibm_apikey from ${SECRET_NAME_CIS}"
+ exit 1
+ fi
+
+ if [[ -z "${OCP_INGRESS}" || "${OCP_INGRESS}" == "null" ]]; then
+ echo "Failed to fetch dns value from public-elb secret"
+ exit 1
+ fi
+
+ echo "Setting IBM CLI home to writable location..."
+ export IBMCLOUD_HOME=/tmp/bluemix
+ mkdir -p $IBMCLOUD_HOME
+
+ echo "Logging into IBM Cloud..."
+ ibmcloud login --apikey ${IBM_APIKEY} -r us-east
+
+ #echo "Targeting resource group..."
+ #ibmcloud target -g Default
+
+ # 1. Disable the interactive update check to prevent the [y/N] prompt
+ ibmcloud config --check-version=false
+
+ # 2. Install the Cloud Internet Services (CIS) plug-in
+ # The -f flag forces installation without a confirmation prompt
+ echo "Installing CIS plugin..."
+ ibmcloud plugin install cis -f
+
+
+ echo "Setting CIS instance..."
+ ibmcloud cis instance-set ${CIS_CRN}
+
+ echo "Exporting DOMAIN_NAME..."
+ export DOMAIN_NAME=$(echo "$CIS_SERVICE_NAME" | sed 's/^CIS - //')
+
+ echo "Cleaned Domain Name: $DOMAIN_NAME"
+
+ echo "Fetching DOMAIN_ID..."
+ ibmcloud cis domains --output json + + DOMAIN_ID=$(ibmcloud cis domains --output json | jq -r ".[] | select(.name==\"$DOMAIN_NAME\") | .id") + + echo "domain id : $DOMAIN_ID" + + if [ -z "$DOMAIN_ID" ] || [ "$DOMAIN_ID" == "null" ]; then + echo "ERROR: Could not find Domain ID for name: $DOMAIN_NAME" + exit 1 + fi + + echo "Creating DNS record..." + ibmcloud cis dns-record-create "$DOMAIN_ID" \ + --type CNAME \ + --name "SLS.mas-${ICN}-${SUBSCRIPTION_ID}-SLS" \ + --content "${OCP_INGRESS}" \ + --proxied false + + echo "DNS record created successfully!" + + volumes: + - name: aws + secret: + secretName: aws # make sure this Secret exists in the same namespace + defaultMode: 420 +{{- end }} + diff --git a/sls-applications/100-ibm-sls/templates/07-postsync-update-sm_Job.yaml b/sls-applications/100-ibm-sls/templates/08-postsync-update-sm_Job.yaml similarity index 92% rename from sls-applications/100-ibm-sls/templates/07-postsync-update-sm_Job.yaml rename to sls-applications/100-ibm-sls/templates/08-postsync-update-sm_Job.yaml index ad8ee3b24..8d34ae679 100644 --- a/sls-applications/100-ibm-sls/templates/07-postsync-update-sm_Job.yaml +++ b/sls-applications/100-ibm-sls/templates/08-postsync-update-sm_Job.yaml @@ -26,7 +26,7 @@ Increment this value whenever you make a change to an immutable field of the Job E.g. passing in a new environment variable. Included in $_job_hash (see below). */}} -{{- $_job_version := "v3" }} +{{- $_job_version := "v4" }} {{- /* 10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest @@ -144,8 +144,14 @@ rules: - "" resources: - configmaps - - + - verbs: + - get + - list + - patch + apiGroups: + - "route.openshift.io" + resources: + - routes --- kind: RoleBinding 
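Review bot: In the new `07-ibm-sls-dns_job.yaml` script the IBM Cloud API key is passed on the command line (`ibmcloud login --apikey ${IBM_APIKEY}`), where it is readable from the process arguments and would be printed by any later `set -x`; the CLI also reads the key from the `IBMCLOUD_API_KEY` environment variable, which keeps it out of argv. The same script installs the `cis` plug-in from the network at run time with no version, which undoes the reproducibility gained by pinning the CLI image by digest, and it prints the full `ibmcloud cis domains` listing to the Job log before filtering it. The jq filter is built by interpolating `$DOMAIN_NAME` into the program text, whereas `--arg` would pass it as data. Separately, `ACCOUNT_ID`, `CLUSTER_ID` and `REGION_ID` are rendered unquoted, so an all-digit account id would reach the API server as a number rather than a string; quote them like the other `env` values.

```yaml
            # … unchanged: AWS credential read, sm_login, secret fetch, null checks, IBMCLOUD_HOME setup …
            echo "Logging into IBM Cloud..."
            # key is supplied through the environment for this one command, not through argv
            IBMCLOUD_API_KEY="${IBM_APIKEY}" ibmcloud login -r us-east
            # … unchanged: update-check config …
            # <PINNED_CIS_PLUGIN_VERSION> is a placeholder; alternatively bake the plug-in into the pinned image
            ibmcloud plugin install cis -v "<PINNED_CIS_PLUGIN_VERSION>" -f
            ibmcloud cis instance-set "${CIS_CRN}"
            # … unchanged: DOMAIN_NAME derivation …
            DOMAIN_ID=$(ibmcloud cis domains --output json \
              | jq -r --arg name "$DOMAIN_NAME" '.[] | select(.name == $name) | .id')
            # … unchanged: DOMAIN_ID check, dns-record-create …
```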
@@ -267,7 +273,25 @@ spec: SECRET_NAME_SLS=${ACCOUNT_ID}/${ICN}/${SUBSCRIPTION_ID}/sls TAGS="[{\"Key\": \"source\", \"Value\": \"postsync-ibm-sls-update-sm-job\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"subscription_id\", \"Value\": \"${SUBSCRIPTION_ID}\"}]" sm_update_secret $SECRET_NAME_SLS "{\"registration_key\": \"$SLS_REGISTRATION_KEY\", \"ca_b64\": \"$SLS_CA\", \"sls_url\":\"$SLS_URL\" }" "${TAGS}" + + # 1. Define the namespace using the environment variables passed to the container + namespace="mas-${ICN}-${SUBSCRIPTION_ID}-sls" + + echo "Fetching routes from ${namespace}" + + routes=$(oc get routes -n ${namespace} -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}') + + echo "Routes found:" + echo "${routes}" + + for route in $routes; do + echo "Adding label to route - ${route}" + oc patch route ${route} \ + -n ${namespace} \ + --type=merge \ + -p '{"metadata":{"labels":{"type":"external"}}}' + done restartPolicy: Never
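Review bot: The added loop labels every route in `mas-${ICN}-${SUBSCRIPTION_ID}-sls` with `type=external`, including any route added to the namespace later, and nothing in the hunk ties it to a DNS provider being configured. If `type=external` is what a public ingress shard selects on (not visible here), that publishes routes nobody reviewed; narrowing the `oc get routes` call to the SLS route by name or with a label selector (`-l <SELECTOR>`, placeholder) keeps the exposure explicit. `${route}` and `${namespace}` should also be quoted in both `oc get` and `oc patch`. The surrounding script starts and ends outside the hunk.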