From 69e46572b98c7fca90a82b8466e51632e429250c Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Mon, 11 Jan 2021 14:54:15 -0800 Subject: [PATCH 01/14] function to autobuild artifactory style secrets --- bin/compBuilds.sh | 5 +++++ bin/ocFunctions.inc | 32 +++++++++++++++++++++++++++++--- 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/bin/compBuilds.sh b/bin/compBuilds.sh index ed948f0..85a9b29 100755 --- a/bin/compBuilds.sh +++ b/bin/compBuilds.sh @@ -78,6 +78,11 @@ generateBuildConfigs() { # ----------------------------------------------------------------------------------------------------------------- generateBuildConfigs +if [ ! -z ${USE_PULL_CREDS} ] && [ ${USE_PULL_CREDS}=true ]; then + echo "BUILDING PULL CREDS" + buildCreds ${TOOLS} ${CRED_SEARCH_NAME} ${PULL_CREDS} docker-remote.artifacts.developer.gov.bc.ca +fi + if [ -z ${GEN_ONLY} ]; then echo -e \\n"Deploying build configuration files ..." deployBuildConfigs diff --git a/bin/ocFunctions.inc b/bin/ocFunctions.inc index 21fc456..fd50392 100755 --- a/bin/ocFunctions.inc +++ b/bin/ocFunctions.inc 
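Review bot: In the added `if`, `[ ${USE_PULL_CREDS}=true ]` is a single-word test, so it is true for any non-empty value and `USE_PULL_CREDS=false` still calls `buildCreds`. It needs spaces around `=` and a quoted operand: `[ "${USE_PULL_CREDS:-}" = "true" ]`. The `buildCreds` arguments are unquoted as well, so an empty `${CRED_SEARCH_NAME}` or `${PULL_CREDS}` disappears and the registry host name moves into an earlier positional parameter; quote each argument.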
@@ -1788,17 +1788,43 @@ generateSeed() { function getSecret() { ( resourceName=${1} - key=${2} + keys=${2} projectName=${3:-$(getProjectName)} - if [ -z "${resourceName}" ] || [ -z "${key}" ]; then + if [ -z "${resourceName}" ] || [ -z "${keys}" ]; then echoError "\ngetSecret; You must specify the 'resourceName' and 'key'.\n" exit 1 fi - echo $(oc -n ${projectName} extract --to=- --keys=${key} secret/${resourceName} 2>&1 | sed -n 2p) + echo $(oc -n ${projectName} extract --to=- --keys=${keys} secret/${resourceName} 2>&1 | sed -n '/#/ !p') ) } +function buildCreds() { + namespaceName=${1} + credName=${2} + newCredName=${3} + dockerReg=${4} + credName=$(oc get secrets -n ${namespaceName} | sed -n "/^${credName}\b/p" | awk '{print $1}') + + userPass=$(getSecret ${credName} username,password ${namespaceName}) + userName=userPass[0] + password=userPass[1] + + echo $namespaceName + echo $credName + echo $newCredName + echo $dockerReg + + + oc create secret docker-registry ${newCredName} -n ${namespaceName} \ + --docker-server=${dockerReg} \ + --docker-username=${userName} \ + --docker-password=${password} \ + --docker-email=unused + oc secrets link default artifactory-creds --for=pull + oc secrets link builder artifactory-creds +} + function listBuildRefs() { # Lists build configurations and their git references in a convenient column format. ( From 244a12a1978ea0e47c820e19b83f1c6b7c0bd873 Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Tue, 12 Jan 2021 12:46:48 -0800 Subject: [PATCH 02/14] updated to read pull secret configs from settings --- bin/compBuilds.sh | 9 +++++-- bin/ocFunctions.inc | 64 +++++++++++++++++++++++++++++++-------------- 2 files changed, 52 insertions(+), 21 deletions(-) diff --git a/bin/compBuilds.sh b/bin/compBuilds.sh index 85a9b29..24c33fc 100755 --- a/bin/compBuilds.sh +++ b/bin/compBuilds.sh 
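Review bot: In `buildCreds`, `userName=userPass[0]` and `password=userPass[1]` assign the literal strings `userPass[0]` and `userPass[1]`, because there is no `${...}` expansion and `userPass` is a plain string, so the registry secret is created with placeholder text instead of the extracted values. `getSecret` folds stderr into its result with `2>&1`, so an `oc extract` error message can come back as if it were the credential, and the new `sed -n '/#/ !p'` filter drops any value line that happens to contain `#`. `buildCreds` sets `userName` and `password` without `local` or a subshell, leaving them in the calling shell, whereas `getSecret` wraps its body in `( )`. The last two lines link the hard-coded name `artifactory-creds` rather than `${newCredName}`.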
@@ -78,9 +78,14 @@ generateBuildConfigs() { # ----------------------------------------------------------------------------------------------------------------- generateBuildConfigs -if [ ! -z ${USE_PULL_CREDS} ] && [ ${USE_PULL_CREDS}=true ]; then +#setup artifactory/docker pull creds +if [ ! -z ${USE_PULL_CREDS} ] && [ ${USE_PULL_CREDS} = true ]; then echo "BUILDING PULL CREDS" - buildCreds ${TOOLS} ${CRED_SEARCH_NAME} ${PULL_CREDS} docker-remote.artifacts.developer.gov.bc.ca + if [ -z ${CRED_SEARCH_NAME} ]; then + buildPromptCreds ${PROJECT_NAMESPACE} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" ${DOCKER_USERNAME} ${DOCKER_PASSWORD} + else + buildCreds ${PROJECT_NAMESPACE} ${CRED_SEARCH_NAME} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" + fi fi if [ -z ${GEN_ONLY} ]; then diff --git a/bin/ocFunctions.inc b/bin/ocFunctions.inc index fd50392..4c10420 100755 --- a/bin/ocFunctions.inc +++ b/bin/ocFunctions.inc 
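Review bot: In the `buildPromptCreds` call, `"${CRED_ENVS[@]}"` expands to no word at all when `CRED_ENVS` is unset, so `${DOCKER_USERNAME}` arrives as `$4` (the environment list) and `${DOCKER_PASSWORD}` as `$5` (the user name). A real array with several elements shifts the parameters the other way. Pass the list as one quoted string, `"${CRED_ENVS:-}"`, and quote the remaining arguments so that empty values keep their position. `[ -z ${CRED_SEARCH_NAME} ]` should quote its operand for the same reason.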
@@ -1799,32 +1799,58 @@ function getSecret() { ) } +function buildPromptCreds(){ + namespaceName=${1} + newCredName=${2} + dockerReg=${3} + credEnvs=${4} + userName=${5} + password=${6} + + if ([ -z ${userName} ] || [ -z ${password} ]); then + echo "Please enter your ${dockerReg} username" + read userName + + echo "Please enter your ${dockerReg} password" + read password + fi + + #set cred env to tools if unset + if [ -z "${credEnvs}" ]; then + credEnvs="tools" + fi + #create pull secret in each environment we need + for env in ${credEnvs}; do + oc create secret docker-registry ${newCredName} -n ${namespaceName}-${env} \ + --docker-server=${dockerReg} \ + --docker-username=${userName} \ + --docker-password=${password} \ + --docker-email=unused + oc secrets link default ${newCredName} --for=pull + oc secrets link builder ${newCredName} + done + + +} + function buildCreds() { namespaceName=${1} credName=${2} newCredName=${3} dockerReg=${4} - credName=$(oc get secrets -n ${namespaceName} | sed -n "/^${credName}\b/p" | awk '{print $1}') - - userPass=$(getSecret ${credName} username,password ${namespaceName}) - userName=userPass[0] - password=userPass[1] - - echo $namespaceName - echo $credName - echo $newCredName - echo $dockerReg - - - oc create secret docker-registry ${newCredName} -n ${namespaceName} \ - --docker-server=${dockerReg} \ - --docker-username=${userName} \ - --docker-password=${password} \ - --docker-email=unused - oc secrets link default artifactory-creds --for=pull - oc secrets link builder artifactory-creds + credEnvs=${5} + + #search for the credential name, limit to 1st result + credName=$(oc get secrets -n ${namespaceName}-tools | sed -n "/${credName}/p" | awk '{print $1}' | head -1) + + userName=$(getSecret ${credName} username ${namespaceName}-tools) + password=$(getSecret ${credName} password ${namespaceName}-tools) + + buildPromptCreds ${namespaceName} ${newCredName} ${dockerReg} "${credEnvs[@]}" ${userName} ${password} } + + function 
listBuildRefs() { # Lists build configurations and their git references in a convenient column format. ( From 7fff97995f323dba655435b9107fb5ca1e63f49b Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Tue, 12 Jan 2021 12:46:55 -0800 Subject: [PATCH 03/14] updated docs --- bin/README.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/bin/README.md b/bin/README.md index aa64b7a..4738603 100644 --- a/bin/README.md +++ b/bin/README.md @@ -128,12 +128,20 @@ RootProjectDir You will need to include a `settings.sh` file in your top level `./openshift` directory that contains your project specific settings. At a minimum this file should contain definitions for your `PROJECT_NAMESPACE`, `GIT_URI`, and `GIT_REF` all of which should be setup to be overridable. - +The commented out sections are used for creating pull secrets, if you plan on using different docker registry, follow the instructions for setting up +pull credentials [here](#setting-up-pull-secrets) **For Example:** ``` export PROJECT_NAMESPACE=${PROJECT_NAMESPACE:-devex-von-permitify} export GIT_URI=${GIT_URI:-"https://github.com/bcgov/permitify.git"} export GIT_REF=${GIT_REF:-"master"} +# export USE_PULL_CREDS=true +# export PULL_CREDS=artifactory-creds +# export CRED_SEARCH_NAME=artifacts-default +# export DOCKER_REG=docker-remote.artifacts.developer.gov.bc.ca +# export DOCKER_USERNAME=username +# export DOCKER_PASSWORD=password +# export CRED_ENVS="tools dev" ``` **Full Simple Project Structure Example:** 
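Review bot: In `buildPromptCreds`, the password is read with a plain `read password`, which echoes it to the terminal and interprets backslashes, and it is then expanded unquoted into `--docker-password=${password}`, so a value with spaces or glob characters is split or expanded before `oc` receives it. The two `oc secrets link` calls carry no `-n`, so they act on the current project rather than on `${namespaceName}-${env}`, where the secret was just created. The password also travels on the `oc` command line, where it is visible in the process list while the command runs; the fence below leaves that design as it is and only changes the prompt, the quoting and the namespace. `buildCreds` in the same hunk passes `${userName} ${password}` unquoted as well.

```shell
  # … unchanged: positional parameter assignments …
  if [ -z "${userName}" ] || [ -z "${password}" ]; then
    echo "Please enter your ${dockerReg} username"
    read -r userName

    echo "Please enter your ${dockerReg} password"
    read -rs password   # -s: do not echo the password to the terminal
  fi
  # … unchanged: default credEnvs to "tools" …
  for env in ${credEnvs}; do
    oc create secret docker-registry "${newCredName}" -n "${namespaceName}-${env}" \
      --docker-server="${dockerReg}" \
      --docker-username="${userName}" \
      --docker-password="${password}" \
      --docker-email=unused
    # link in the namespace that holds the secret, not the current project
    oc secrets link default "${newCredName}" --for=pull -n "${namespaceName}-${env}"
    oc secrets link builder "${newCredName}" -n "${namespaceName}-${env}"
  done
```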
@@ -180,6 +188,25 @@ export images="angular-on-nginx django solr schema-spy" # The routes for the project export routes="angular-on-nginx django solr schema-spy" ``` +## Setting up pull secrets +To get around docker rate limiting, you may need to create an account on docker.io or use artifactory. In order to do this, you will need to set up +a pull secret. Here are the environment variables you should add to the bottom of your settings.sh or settings.local.sh. +- `USE_PULL_CREDS` is a boolean flag that allows to specify whether or not you want to build the pull credentials. +- `PULL_CREDS` will be the name of the newly created pull credentials. +- `CRED_SEARCH_NAME` is only needed if you have an existing credential you want to create a pull secret from. If you're using using artifactory this will be `artifacts-default-******`. `CRED_SEARCH_NAME` will search the tools environment for any secret that contains the search name, that way you don't have to know the random string at the end of artifacts-default-... . +- `DOCKER_REG` is the name of the docker registry, ex:`docker.io` +- `DOCKER_USERNAME` and `DOCKER_PASSWORD` are your login credentials for the docker registry. You don't need these if you're using `CRED_SEARCH_NAME`. altenratively you could remove these or leave them blank and you will be prompted for them in the build. +- `CRED_ENVS` is any environment that you're going to be pulling images from. Usually dev and tools or prod and tools. +``` +export USE_PULL_CREDS=true #required +export PULL_CREDS=artifactory-creds #required +export CRED_SEARCH_NAME=artifacts-default +export DOCKER_REG=docker-remote.artifacts.developer.gov.bc.ca #required +export DOCKER_USERNAME=username +export DOCKER_PASSWORD=password +export CRED_ENVS="tools dev" +``` +After your settings.sh is set up, follow the instructions on [artifactory](https://developer.gov.bc.ca/Artifact-Repositories) pertaining to adding a pull secret to your json/yaml config files. 
(you can skip any `oc` commands since we've already done them in the build) ## Settings.local.sh From b9ad7a91a02e98a6113917252aff3a555ba036e7 Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Fri, 15 Jan 2021 11:55:38 -0800 Subject: [PATCH 04/14] update to have default vals for pull_cred env vars --- bin/ocFunctions.inc | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/bin/ocFunctions.inc b/bin/ocFunctions.inc index 4c10420..ba17118 100755 --- a/bin/ocFunctions.inc +++ b/bin/ocFunctions.inc @@ -1788,14 +1788,14 @@ generateSeed() { function getSecret() { ( resourceName=${1} - keys=${2} + key=${2} projectName=${3:-$(getProjectName)} - if [ -z "${resourceName}" ] || [ -z "${keys}" ]; then + if [ -z "${resourceName}" ] || [ -z "${key}" ]; then echoError "\ngetSecret; You must specify the 'resourceName' and 'key'.\n" exit 1 fi - echo $(oc -n ${projectName} extract --to=- --keys=${keys} secret/${resourceName} 2>&1 | sed -n '/#/ !p') + echo $(oc -n ${projectName} extract --to=- --keys=${key} secret/${resourceName} 2>&1 | sed -n 2p) ) } @@ -1808,10 +1808,10 @@ function buildPromptCreds(){ password=${6} if ([ -z ${userName} ] || [ -z ${password} ]); then - echo "Please enter your ${dockerReg} username" + echoWarning "Please enter your ${dockerReg} username" read userName - echo "Please enter your ${dockerReg} password" + echoWarning "Please enter your ${dockerReg} password" read password fi 
@@ -1821,13 +1821,22 @@ function buildPromptCreds(){ fi #create pull secret in each environment we need for env in ${credEnvs}; do + cred_exists=0 + oc create secret docker-registry ${newCredName} -n ${namespaceName}-${env} \ --docker-server=${dockerReg} \ --docker-username=${userName} \ --docker-password=${password} \ - --docker-email=unused - oc secrets link default ${newCredName} --for=pull - oc secrets link builder ${newCredName} + --docker-email=unused &> /dev/null || cred_exists=1 + if (( ! ${cred_exists})); then + oc secrets link default ${newCredName} --for=pull + oc secrets link builder ${newCredName} + + echoWarning "Created ${newCredName} in ${env}" + else + echoWarning "${newCredName} already exists in ${env}, skipping..." + fi + done @@ -1845,8 +1854,16 @@ function buildCreds() { userName=$(getSecret ${credName} username ${namespaceName}-tools) password=$(getSecret ${credName} password ${namespaceName}-tools) - - buildPromptCreds ${namespaceName} ${newCredName} ${dockerReg} "${credEnvs[@]}" ${userName} ${password} + #if we fail to find cred search name do nothing + if [ ! -z ${credName} ] && [ ! -z ${userName} ] && [ ! -z ${password} ]; then + echoWarning "Found secret ${credName}, would you like to use this as a docker registry pull secret? (y/n)" + read resp + if [ ${resp} = "y" ]; then + buildPromptCreds ${namespaceName} ${newCredName} ${dockerReg} "${credEnvs[@]}" ${userName} ${password} + else + echo "Done!" + fi + fi } From 5d83412a54c21ebf849ea6cbfa81e418ccbe61a7 Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Fri, 15 Jan 2021 11:56:07 -0800 Subject: [PATCH 05/14] moved build creds from compBuils to initOS --- bin/compBuilds.sh | 10 ---------- bin/initOSProjects.sh | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/bin/compBuilds.sh b/bin/compBuilds.sh index 24c33fc..ed948f0 100755 --- a/bin/compBuilds.sh +++ b/bin/compBuilds.sh 
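Review bot: `&> /dev/null || cred_exists=1` treats every failure of `oc create secret` as "already exists", so a permission error, a missing namespace or an invalid name is reported as `already exists in ${env}, skipping...` and the real message is discarded. The links are also skipped on that path, so a secret that exists but was never linked stays unlinked. Testing for the secret explicitly keeps the two cases apart, for example `if oc get secret "${newCredName}" -n "${namespaceName}-${env}" &> /dev/null; then`, with the output of the create left visible. The enclosing function starts outside this hunk.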
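Review bot: `[ ${resp} = "y" ]` fails with a syntax error when the answer is empty, which is what `read resp` yields on a non-interactive run, and the script then prints `Done!` although nothing was created. Use `read -r resp` and `[ "${resp}" = "y" ]`. The guard `[ ! -z ${password} ]` is unquoted too, so a password containing a space breaks the test; `[ -n "${password}" ]` is the safe form. The prompt names only the source secret; it would help to also list the environments it will be copied into. The function starts outside this hunk.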
@@ -78,16 +78,6 @@ generateBuildConfigs() { # ----------------------------------------------------------------------------------------------------------------- generateBuildConfigs -#setup artifactory/docker pull creds -if [ ! -z ${USE_PULL_CREDS} ] && [ ${USE_PULL_CREDS} = true ]; then - echo "BUILDING PULL CREDS" - if [ -z ${CRED_SEARCH_NAME} ]; then - buildPromptCreds ${PROJECT_NAMESPACE} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" ${DOCKER_USERNAME} ${DOCKER_PASSWORD} - else - buildCreds ${PROJECT_NAMESPACE} ${CRED_SEARCH_NAME} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" - fi -fi - if [ -z ${GEN_ONLY} ]; then echo -e \\n"Deploying build configuration files ..." deployBuildConfigs diff --git a/bin/initOSProjects.sh b/bin/initOSProjects.sh index 89ea557..bba8ef4 100755 --- a/bin/initOSProjects.sh +++ b/bin/initOSProjects.sh @@ -35,3 +35,21 @@ for project in ${PROJECT_NAMESPACE}-${DEV} ${PROJECT_NAMESPACE}-${TEST} ${PROJEC exitOnError done + +#look through the tools env for artifactory-creds +#setup artifactory/docker pull creds +USE_PULL_CREDS=${USE_PULL_CREDS:-true} +CRED_SEARCH_NAME=${CRED_SEARCH_NAME:-artifacts-default} +PULL_CREDS=${PULL_CREDS:-artifactory-creds} +DOCKER_REG=${DOCKER_REG:-docker-remote.artifacts.developer.gov.bc.ca} +CRED_ENVS="${CRED_ENVS[@]:-tools dev test prod}" +PROMPT_CREDS=${PROMPT_CREDS:-false} + + +if [ ! -z ${USE_PULL_CREDS} ] && [ ${USE_PULL_CREDS} = true ]; then + if [ ! -z ${PROMPT_CREDS} ] && [ ${PROMPT_CREDS} = true ]; then + buildPromptCreds ${PROJECT_NAMESPACE} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" ${DOCKER_USERNAME} ${DOCKER_PASSWORD} + else + buildCreds ${PROJECT_NAMESPACE} ${CRED_SEARCH_NAME} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" + fi +fi From 94712af0906eb903e33f13ffe95eef5f0395ce59 Mon Sep 17 00:00:00 2001 
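Review bot: The defaults added to `initOSProjects.sh` turn the feature on for everyone: `USE_PULL_CREDS=${USE_PULL_CREDS:-true}` together with `tools dev test prod` means each run looks up a secret in the tools namespace and copies it into all four environments unless a project overrides the settings. It is worth confirming that test and prod need the registry credential; a narrower default, or `USE_PULL_CREDS` defaulting to `false`, keeps it out of namespaces that never pull from that registry. A short comment above the block should say that these values can be overridden from `settings.sh`.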
From: wadeking98 Date: Fri, 15 Jan 2021 11:56:36 -0800 Subject: [PATCH 06/14] updated docs for new pull secret functionality --- bin/README.md | 50 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 16 deletions(-) diff --git a/bin/README.md b/bin/README.md index 4738603..d6b2afc 100644 --- a/bin/README.md +++ b/bin/README.md 
@@ -189,24 +189,42 @@ export images="angular-on-nginx django solr schema-spy" export routes="angular-on-nginx django solr schema-spy" ``` ## Setting up pull secrets -To get around docker rate limiting, you may need to create an account on docker.io or use artifactory. In order to do this, you will need to set up -a pull secret. Here are the environment variables you should add to the bottom of your settings.sh or settings.local.sh. -- `USE_PULL_CREDS` is a boolean flag that allows to specify whether or not you want to build the pull credentials. -- `PULL_CREDS` will be the name of the newly created pull credentials. -- `CRED_SEARCH_NAME` is only needed if you have an existing credential you want to create a pull secret from. If you're using using artifactory this will be `artifacts-default-******`. `CRED_SEARCH_NAME` will search the tools environment for any secret that contains the search name, that way you don't have to know the random string at the end of artifacts-default-... . -- `DOCKER_REG` is the name of the docker registry, ex:`docker.io` -- `DOCKER_USERNAME` and `DOCKER_PASSWORD` are your login credentials for the docker registry. You don't need these if you're using `CRED_SEARCH_NAME`. altenratively you could remove these or leave them blank and you will be prompted for them in the build. -- `CRED_ENVS` is any environment that you're going to be pulling images from. Usually dev and tools or prod and tools. +To get around docker rate limiting, you may need to create an account on docker.io or use artifactory. In order to do this, you will need to set up a pull secret. 
If you are using artifactory and have an `artifacts-default-******` credential in your tools environement, simply run +> oc initOSProjects.sh + +or + +> oc initOSProjects.sh -l + +and enter `y` when asked if you want to use pull credential `artifacts-default-******` + +If you are planning on using a custom docker registry, you will need to add any of the following relevant environment variables to your `settings.sh` or `settings.local.sh` file and override them ``` -export USE_PULL_CREDS=true #required -export PULL_CREDS=artifactory-creds #required +export USE_PULL_CREDS=true +export PULL_CREDS=artifactory-creds export CRED_SEARCH_NAME=artifacts-default -export DOCKER_REG=docker-remote.artifacts.developer.gov.bc.ca #required -export DOCKER_USERNAME=username -export DOCKER_PASSWORD=password -export CRED_ENVS="tools dev" -``` -After your settings.sh is set up, follow the instructions on [artifactory](https://developer.gov.bc.ca/Artifact-Repositories) pertaining to adding a pull secret to your json/yaml config files. (you can skip any `oc` commands since we've already done them in the build) +export DOCKER_REG=docker-remote.artifacts.developer.gov.bc.ca +export CRED_ENVS="tools dev prod test" +export PROMPT_CREDS=false +``` +These environment variables are all populated with default values so you only have to add one to your settings if you wish to change it. +- `USE_PULL_CREDS` is a boolean flag that specifies whether or not you want to build the pull credentials. +- `PULL_CREDS` will be the name of the newly created pull credentials. +- `CRED_SEARCH_NAME` is only needed if you have an existing credential you want to create a pull secret from. If you're using using artifactory this will be `artifacts-default-******`. `CRED_SEARCH_NAME` will search the tools environment for any secret that contains the search name, that way you don't have to know the random string at the end of artifacts-default-... . 
+- `CRED_ENVS` is any environment that you're going to be pulling images from. Usually dev and tools or prod and tools. +- `PROMPT_CREDS` if set to true this will prompt the user to enter their credentials instead of searching for them in tools + + +After your settings.sh is set up, run +> oc initOSProjects.sh + +or + +> oc initOSProjects.sh -l + +and follow the prompts on the screen. + +***After your pull secret is set up, follow the instructions on [artifactory](https://developer.gov.bc.ca/Artifact-Repositories) pertaining to adding a pull secret to your json/yaml config files. (you can skip any `oc` commands since we've already done them in the build)*** ## Settings.local.sh From 9957ff03d5c105c730c376f691878b6680082bc4 Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Fri, 15 Jan 2021 12:09:51 -0800 Subject: [PATCH 07/14] tweaks to readme artifactory wording --- bin/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/README.md b/bin/README.md index d6b2afc..76424fe 100644 --- a/bin/README.md +++ b/bin/README.md @@ -189,7 +189,7 @@ export images="angular-on-nginx django solr schema-spy" export routes="angular-on-nginx django solr schema-spy" ``` ## Setting up pull secrets -To get around docker rate limiting, you may need to create an account on docker.io or use artifactory. In order to do this, you will need to set up a pull secret. If you are using artifactory and have an `artifacts-default-******` credential in your tools environement, simply run +To get around docker rate limiting, you may need to create an account on docker.io or use another docker image registry (e.g.: Artifactory). In order to do this, you will need to set up a pull secret. If you are using artifactory and have an `artifacts-default-******` credential in your tools environement, simply run > oc initOSProjects.sh or From eff1cf1963373ca6878f3edecafad1e3d16e3c44 Mon Sep 17 00:00:00 2001 
From: wadeking98 Date: Fri, 15 Jan 2021 12:14:32 -0800 Subject: [PATCH 08/14] removed --for-pull from build secret --- bin/ocFunctions.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/ocFunctions.inc b/bin/ocFunctions.inc index ba17118..a004d4c 100755 --- a/bin/ocFunctions.inc +++ b/bin/ocFunctions.inc @@ -1829,7 +1829,7 @@ function buildPromptCreds(){ --docker-password=${password} \ --docker-email=unused &> /dev/null || cred_exists=1 if (( ! ${cred_exists})); then - oc secrets link default ${newCredName} --for=pull + oc secrets link default ${newCredName} oc secrets link builder ${newCredName} echoWarning "Created ${newCredName} in ${env}" From d8c04c6d04536d8e99390fd706fedaa13d368a36 Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Fri, 15 Jan 2021 12:24:20 -0800 Subject: [PATCH 09/14] change docker-email to use env vars --- bin/ocFunctions.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/ocFunctions.inc b/bin/ocFunctions.inc index a004d4c..4509023 100755 --- a/bin/ocFunctions.inc +++ b/bin/ocFunctions.inc @@ -1827,7 +1827,7 @@ function buildPromptCreds(){ --docker-server=${dockerReg} \ --docker-username=${userName} \ --docker-password=${password} \ - --docker-email=unused &> /dev/null || cred_exists=1 + --docker-email=${userName}@${namespaceName}-${env}.local &> /dev/null || cred_exists=1 if (( ! ${cred_exists})); then oc secrets link default ${newCredName} oc secrets link builder ${newCredName} From 473f8d78fe251773e3e8a12677223ad5b599f405 Mon Sep 17 00:00:00 2001 From: Wade King Date: Wed, 20 Jan 2021 09:47:15 -0800 Subject: [PATCH 10/14] removed DOCKER_USERNAME and DOCKER_PASSWORD from readme --- bin/README.md | 47 +---------------------------------------------- 1 file changed, 1 insertion(+), 46 deletions(-) diff --git a/bin/README.md b/bin/README.md index 76424fe..aa64b7a 100644 --- a/bin/README.md +++ b/bin/README.md 
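Review bot: The subject of PATCH 08 says `--for=pull` is removed from the build secret, but the changed line is the `default` service-account link; the `builder` line never carried the flag. As far as I know, `oc secrets link` without `--for` links the secret as mountable rather than as an image pull secret, so pods running as `default` would stop using it for pulls and could mount it instead. If the intent is pull for `default` and build for `builder`, keep `oc secrets link default ${newCredName} --for=pull`. The enclosing function starts and ends outside this hunk.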
@@ -128,20 +128,12 @@ RootProjectDir You will need to include a `settings.sh` file in your top level `./openshift` directory that contains your project specific settings. At a minimum this file should contain definitions for your `PROJECT_NAMESPACE`, `GIT_URI`, and `GIT_REF` all of which should be setup to be overridable. -The commented out sections are used for creating pull secrets, if you plan on using different docker registry, follow the instructions for setting up -pull credentials [here](#setting-up-pull-secrets) + **For Example:** ``` export PROJECT_NAMESPACE=${PROJECT_NAMESPACE:-devex-von-permitify} export GIT_URI=${GIT_URI:-"https://github.com/bcgov/permitify.git"} export GIT_REF=${GIT_REF:-"master"} -# export USE_PULL_CREDS=true -# export PULL_CREDS=artifactory-creds -# export CRED_SEARCH_NAME=artifacts-default -# export DOCKER_REG=docker-remote.artifacts.developer.gov.bc.ca -# export DOCKER_USERNAME=username -# export DOCKER_PASSWORD=password -# export CRED_ENVS="tools dev" ``` **Full Simple Project Structure Example:** 
@@ -188,43 +180,6 @@ export images="angular-on-nginx django solr schema-spy" # The routes for the project export routes="angular-on-nginx django solr schema-spy" ``` -## Setting up pull secrets -To get around docker rate limiting, you may need to create an account on docker.io or use another docker image registry (e.g.: Artifactory). In order to do this, you will need to set up a pull secret. If you are using artifactory and have an `artifacts-default-******` credential in your tools environement, simply run -> oc initOSProjects.sh - -or - -> oc initOSProjects.sh -l - -and enter `y` when asked if you want to use pull credential `artifacts-default-******` - -If you are planning on using a custom docker registry, you will need to add any of the following relevant environment variables to your `settings.sh` or `settings.local.sh` file and override them -``` -export USE_PULL_CREDS=true -export PULL_CREDS=artifactory-creds -export CRED_SEARCH_NAME=artifacts-default -export DOCKER_REG=docker-remote.artifacts.developer.gov.bc.ca -export CRED_ENVS="tools dev prod test" -export PROMPT_CREDS=false -``` -These environment variables are all populated with default values so you only have to add one to your settings if you wish to change it. -- `USE_PULL_CREDS` is a boolean flag that specifies whether or not you want to build the pull credentials. -- `PULL_CREDS` will be the name of the newly created pull credentials. -- `CRED_SEARCH_NAME` is only needed if you have an existing credential you want to create a pull secret from. If you're using using artifactory this will be `artifacts-default-******`. `CRED_SEARCH_NAME` will search the tools environment for any secret that contains the search name, that way you don't have to know the random string at the end of artifacts-default-... . -- `CRED_ENVS` is any environment that you're going to be pulling images from. Usually dev and tools or prod and tools. 
-- `PROMPT_CREDS` if set to true this will prompt the user to enter their credentials instead of searching for them in tools - - -After your settings.sh is set up, run -> oc initOSProjects.sh - -or - -> oc initOSProjects.sh -l - -and follow the prompts on the screen. - -***After your pull secret is set up, follow the instructions on [artifactory](https://developer.gov.bc.ca/Artifact-Repositories) pertaining to adding a pull secret to your json/yaml config files. (you can skip any `oc` commands since we've already done them in the build)*** ## Settings.local.sh From f089a884b3252d137245502fa3bb54332fad77c3 Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Wed, 20 Jan 2021 13:15:53 -0800 Subject: [PATCH 11/14] changed array processing --- bin/initOSProjects.sh | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/bin/initOSProjects.sh b/bin/initOSProjects.sh index bba8ef4..4114a7d 100755 --- a/bin/initOSProjects.sh +++ b/bin/initOSProjects.sh @@ -2,6 +2,17 @@ OCTOOLSBIN=$(dirname $0) +#look through the tools env for artifactory-creds +#setup artifactory/docker pull creds +USE_PULL_CREDS=${USE_PULL_CREDS:-true} +CRED_SEARCH_NAME=${CRED_SEARCH_NAME:-artifacts-default} +PULL_CREDS=${PULL_CREDS:-artifactory-creds} +DOCKER_REG=${DOCKER_REG:-docker-remote.artifacts.developer.gov.bc.ca} +PROMPT_CREDS=${PROMPT_CREDS:-false} +if [ -z ${CRED_ENVS} ]; then + CRED_ENVS="tools dev test prod" +fi + # =================================================================================== usage() { #Usage function cat <<-EOF 
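Review bot: In the `initOSProjects.sh` hunk of PATCH 11, `if [ -z ${CRED_ENVS} ]` is unquoted, so a setting such as `CRED_ENVS="tools dev"` expands to `[ -z tools dev ]` and `[` reports an error instead of evaluating the test. The default is then skipped only because the error status is non-zero. The line can follow the assignments above it: `CRED_ENVS=${CRED_ENVS:-"tools dev test prod"}`.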
@@ -36,16 +47,8 @@ for project in ${PROJECT_NAMESPACE}-${DEV} ${PROJECT_NAMESPACE}-${TEST} ${PROJEC done -#look through the tools env for artifactory-creds -#setup artifactory/docker pull creds -USE_PULL_CREDS=${USE_PULL_CREDS:-true} -CRED_SEARCH_NAME=${CRED_SEARCH_NAME:-artifacts-default} -PULL_CREDS=${PULL_CREDS:-artifactory-creds} -DOCKER_REG=${DOCKER_REG:-docker-remote.artifacts.developer.gov.bc.ca} -CRED_ENVS="${CRED_ENVS[@]:-tools dev test prod}" -PROMPT_CREDS=${PROMPT_CREDS:-false} - +#build the credentials if [ ! -z ${USE_PULL_CREDS} ] && [ ${USE_PULL_CREDS} = true ]; then if [ ! -z ${PROMPT_CREDS} ] && [ ${PROMPT_CREDS} = true ]; then buildPromptCreds ${PROJECT_NAMESPACE} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" ${DOCKER_USERNAME} ${DOCKER_PASSWORD} From ddaee5d361dcddf747dc08d369719053835fc613 Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Wed, 20 Jan 2021 16:31:33 -0800 Subject: [PATCH 12/14] updated pull secret func name --- bin/initOSProjects.sh | 4 ++-- bin/ocFunctions.inc | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/initOSProjects.sh b/bin/initOSProjects.sh index 4114a7d..d1b22a6 100755 --- a/bin/initOSProjects.sh +++ b/bin/initOSProjects.sh @@ -51,8 +51,8 @@ done #build the credentials if [ ! -z ${USE_PULL_CREDS} ] && [ ${USE_PULL_CREDS} = true ]; then if [ ! -z ${PROMPT_CREDS} ] && [ ${PROMPT_CREDS} = true ]; then - buildPromptCreds ${PROJECT_NAMESPACE} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" ${DOCKER_USERNAME} ${DOCKER_PASSWORD} + registerPullSecretPrompt ${PROJECT_NAMESPACE} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" ${DOCKER_USERNAME} ${DOCKER_PASSWORD} else - buildCreds ${PROJECT_NAMESPACE} ${CRED_SEARCH_NAME} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" + registerPullSecret ${PROJECT_NAMESPACE} ${CRED_SEARCH_NAME} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" fi fi diff --git a/bin/ocFunctions.inc b/bin/ocFunctions.inc index 4509023..720ae43 100755 --- a/bin/ocFunctions.inc 
+++ b/bin/ocFunctions.inc @@ -1799,7 +1799,7 @@ function getSecret() { ) } -function buildPromptCreds(){ +function registerPullSecretPrompt(){ namespaceName=${1} newCredName=${2} dockerReg=${3} @@ -1842,7 +1842,7 @@ function buildPromptCreds(){ } -function buildCreds() { +function registerPullSecret() { namespaceName=${1} credName=${2} newCredName=${3} @@ -1859,7 +1859,7 @@ function buildCreds() { echoWarning "Found secret ${credName}, would you like to use this as a docker registry pull secret? (y/n)" read resp if [ ${resp} = "y" ]; then - buildPromptCreds ${namespaceName} ${newCredName} ${dockerReg} "${credEnvs[@]}" ${userName} ${password} + registerPullSecretPrompt ${namespaceName} ${newCredName} ${dockerReg} "${credEnvs[@]}" ${userName} ${password} else echo "Done!" fi From 8e35d47622ea3a038aad3caf23edcc24866b4f22 Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Thu, 28 Jan 2021 09:36:57 -0800 Subject: [PATCH 13/14] changed working to include login token --- bin/ocFunctions.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/ocFunctions.inc b/bin/ocFunctions.inc index 720ae43..798072f 100755 --- a/bin/ocFunctions.inc +++ b/bin/ocFunctions.inc @@ -1811,7 +1811,7 @@ function registerPullSecretPrompt(){ echoWarning "Please enter your ${dockerReg} username" read userName - echoWarning "Please enter your ${dockerReg} password" + echoWarning "Please enter your ${dockerReg} password or login token" read password fi From 02ea4c3dc837c40aa99d73f05e8a955c072471ee Mon Sep 17 00:00:00 2001 From: wadeking98 Date: Thu, 28 Jan 2021 12:13:06 -0800 Subject: [PATCH 14/14] pushed logic into one function --- bin/initOSProjects.sh | 9 +-------- bin/ocFunctions.inc | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/bin/initOSProjects.sh b/bin/initOSProjects.sh index d1b22a6..c5d36ba 100755 --- a/bin/initOSProjects.sh +++ b/bin/initOSProjects.sh 
@@ -48,11 +48,4 @@ for project in ${PROJECT_NAMESPACE}-${DEV} ${PROJECT_NAMESPACE}-${TEST} ${PROJEC done -#build the credentials -if [ ! -z ${USE_PULL_CREDS} ] && [ ${USE_PULL_CREDS} = true ]; then - if [ ! -z ${PROMPT_CREDS} ] && [ ${PROMPT_CREDS} = true ]; then - registerPullSecretPrompt ${PROJECT_NAMESPACE} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" ${DOCKER_USERNAME} ${DOCKER_PASSWORD} - else - registerPullSecret ${PROJECT_NAMESPACE} ${CRED_SEARCH_NAME} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" - fi -fi +buildPullSecret ${USE_PULL_CREDS} ${CRED_SEARCH_NAME} ${PULL_CREDS} ${DOCKER_REG} ${PROMPT_CREDS} "${CRED_ENVS[@]}" diff --git a/bin/ocFunctions.inc b/bin/ocFunctions.inc index 798072f..286ee24 100755 --- a/bin/ocFunctions.inc +++ b/bin/ocFunctions.inc @@ -1799,6 +1799,24 @@ function getSecret() { ) } +function buildPullSecret(){ + USE_PULL_CREDS=${1} + CRED_SEARCH_NAME=${2} + PULL_CREDS=${3} + DOCKER_REG=${4} + PROMPT_CREDS=${5} + CRED_ENVS=${6} + + #build the credentials + if [ ! -z ${USE_PULL_CREDS} ] && [ ${USE_PULL_CREDS} = true ]; then + if [ ! -z ${PROMPT_CREDS} ] && [ ${PROMPT_CREDS} = true ]; then + registerPullSecretPrompt ${PROJECT_NAMESPACE} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" ${DOCKER_USERNAME} ${DOCKER_PASSWORD} + else + registerPullSecret ${PROJECT_NAMESPACE} ${CRED_SEARCH_NAME} ${PULL_CREDS} ${DOCKER_REG} "${CRED_ENVS[@]}" + fi + fi +} + function registerPullSecretPrompt(){ namespaceName=${1} newCredName=${2}
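Review bot: `buildPullSecret` assigns its parameters to `USE_PULL_CREDS`, `CRED_SEARCH_NAME`, `PULL_CREDS`, `DOCKER_REG`, `PROMPT_CREDS` and `CRED_ENVS` without `local`, so it overwrites the caller's globals of the same names, and it still reads `PROJECT_NAMESPACE`, `DOCKER_USERNAME` and `DOCKER_PASSWORD` from the environment instead of taking them as arguments. Declaring them, for example `local USE_PULL_CREDS=${1} CRED_SEARCH_NAME=${2} PULL_CREDS=${3}` and likewise for `$4` to `$6`, keeps the assignments inside the function. The call in `initOSProjects.sh` passes every argument except the last unquoted; the defaults at the top of that script keep them non-empty today, but an empty value would shift the later ones, so quote them at the call site and in the `[ ... ]` tests. A header comment listing the six positional parameters and the three globals the function reads would document the contract.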