From 67acd29541b9af0ac4f8aa3a78fcb4e6e7302507 Mon Sep 17 00:00:00 2001 From: JazminGonzalez-Rivero Date: Tue, 10 Jul 2018 17:26:07 -0400 Subject: [PATCH] move install functionality from custom to kubectl apply (#327) * check for keys on server startup * move manifest to it's own folder * revert Gopkg.lock changes * add default password warnings * update getting started docs * remove install dependency from e2e test * fix test pathing * readding 02* manifests * set url to blank as default * update sso docs * update getting_started to include namespace * make defaultSetting internal * remove extra check, should be caught by settingsMgr.GetSettings() error check * fix manifests path * error if configmap is missing, but replace if secret missing * fix getting started * set password to hostname * update comment for initializeSettings * remove unneeded bitbucket.webhook.uuid * Gopkg.lock modified --- Gopkg.lock | 2 +- cmd/argocd/commands/install.go | 75 ---- cmd/argocd/commands/root.go | 2 - cmd/argocd/commands/uninstall.go | 40 -- docs/sso.md | 37 +- install/install.go | 395 ------------------ install/manifests/02a_argocd-cm.yaml | 56 --- .../manifests => manifests}/00_namespace.yaml | 0 .../01a_application-crd.yaml | 0 .../01b_appproject-crd.yaml | 0 manifests/02a_argocd-cm.yaml | 9 + .../02b_argocd-secret.yaml | 14 +- .../02c_argocd-rbac-cm.yaml | 0 .../03a_application-controller-sa.yaml | 0 .../03b_application-controller-role.yaml | 0 ...3c_application-controller-rolebinding.yaml | 0 ...03d_application-controller-deployment.yaml | 0 .../04a_argocd-server-sa.yaml | 0 .../04b_argocd-server-role.yaml | 0 .../04c_argocd-server-rolebinding.yaml | 0 .../04d_argocd-server-deployment.yaml | 0 .../04e_argocd-server-service.yaml | 0 .../05a_argocd-repo-server-deployment.yaml | 0 .../05b_argocd-repo-server-service.yaml | 0 server/server.go | 61 ++- test/e2e/fixture.go | 5 +- util/settings/settings.go | 2 +- 27 files changed, 102 insertions(+), 596 deletions(-) delete mode 100644 cmd/argocd/commands/install.go delete mode 100644 cmd/argocd/commands/uninstall.go delete mode 100644 install/install.go delete mode 100644 install/manifests/02a_argocd-cm.yaml rename {install/manifests => manifests}/00_namespace.yaml (100%) rename {install/manifests => manifests}/01a_application-crd.yaml (100%) rename {install/manifests => manifests}/01b_appproject-crd.yaml (100%) create mode 100644 manifests/02a_argocd-cm.yaml rename {install/manifests => manifests}/02b_argocd-secret.yaml (50%) rename {install/manifests => manifests}/02c_argocd-rbac-cm.yaml (100%) rename {install/manifests => manifests}/03a_application-controller-sa.yaml (100%) rename {install/manifests => manifests}/03b_application-controller-role.yaml (100%) rename {install/manifests => manifests}/03c_application-controller-rolebinding.yaml (100%) rename {install/manifests => manifests}/03d_application-controller-deployment.yaml (100%) rename {install/manifests => manifests}/04a_argocd-server-sa.yaml (100%) rename {install/manifests => manifests}/04b_argocd-server-role.yaml (100%) rename {install/manifests => manifests}/04c_argocd-server-rolebinding.yaml (100%) rename {install/manifests => manifests}/04d_argocd-server-deployment.yaml (100%) rename {install/manifests => manifests}/04e_argocd-server-service.yaml (100%) rename {install/manifests => manifests}/05a_argocd-repo-server-deployment.yaml (100%) rename {install/manifests => manifests}/05b_argocd-repo-server-service.yaml (100%) diff --git a/Gopkg.lock b/Gopkg.lock index 5b6d998577..3a27612d46 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -1032,6 +1032,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "d07a9d8641579e64a9780c8ed8f89c727b7ea8e7806f81d9263498f1b925da33" + inputs-digest = "839d26383e983bd1388439f67b8ba360e3479b14c4a731f48413fa6ed78f6485" solver-name = "gps-cdcl" solver-version = 1 diff --git a/cmd/argocd/commands/install.go b/cmd/argocd/commands/install.go deleted file mode 100644 index 7b8ae2ae07..0000000000 --- a/cmd/argocd/commands/install.go +++ /dev/null @@ -1,75 +0,0 @@ -package commands - -import ( - "github.com/argoproj/argo-cd/errors" - "github.com/argoproj/argo-cd/install" - "github.com/argoproj/argo-cd/util/cli" - "github.com/spf13/cobra" - "k8s.io/client-go/tools/clientcmd" -) - -// NewInstallCommand returns a new instance of `argocd install` command -func NewInstallCommand() *cobra.Command { - var ( - clientConfig clientcmd.ClientConfig - installOpts install.InstallOptions - ) - var command = &cobra.Command{ - Use: "install", - Short: "Install Argo CD", - Long: "Install Argo CD", - Run: func(c *cobra.Command, args []string) { - conf, err := clientConfig.ClientConfig() - errors.CheckError(err) - namespace, wasSpecified, err := clientConfig.Namespace() - errors.CheckError(err) - if wasSpecified { - installOpts.Namespace = namespace - } - installer, err := install.NewInstaller(conf, installOpts) - errors.CheckError(err) - installer.Install() - }, - } - command.Flags().BoolVar(&installOpts.Upgrade, "upgrade", false, "upgrade controller/ui deployments and configmap if already installed") - command.Flags().BoolVar(&installOpts.DryRun, "dry-run", false, "print the kubernetes manifests to stdout instead of installing") - command.Flags().StringVar(&installOpts.SuperuserPassword, "superuser-password", "", "password for super user") - command.Flags().StringVar(&installOpts.ControllerImage, "controller-image", install.DefaultControllerImage, "use a specified controller image") - command.Flags().StringVar(&installOpts.ServerImage, "server-image", install.DefaultServerImage, "use a specified api server image") - command.Flags().StringVar(&installOpts.UIImage, "ui-image", install.DefaultUIImage, "use a specified ui image") - command.Flags().StringVar(&installOpts.RepoServerImage, "repo-server-image", install.DefaultRepoServerImage, "use a specified repo server image") - command.Flags().StringVar(&installOpts.ImagePullPolicy, "image-pull-policy", "", "set the image pull policy of the pod specs") - clientConfig = cli.AddKubectlFlagsToCmd(command) - command.AddCommand(newSettingsCommand()) - return command -} - -// newSettingsCommand returns a new instance of `argocd install settings` command -func newSettingsCommand() *cobra.Command { - var ( - clientConfig clientcmd.ClientConfig - installOpts install.InstallOptions - ) - var command = &cobra.Command{ - Use: "settings", - Short: "Creates or updates ArgoCD settings", - Long: "Creates or updates ArgoCD settings", - Run: func(c *cobra.Command, args []string) { - conf, err := clientConfig.ClientConfig() - errors.CheckError(err) - namespace, wasSpecified, err := clientConfig.Namespace() - errors.CheckError(err) - if wasSpecified { - installOpts.Namespace = namespace - } - installer, err := install.NewInstaller(conf, installOpts) - errors.CheckError(err) - installer.InstallSettings() - }, - } - command.Flags().BoolVar(&installOpts.UpdateSuperuser, "update-superuser", false, "force updating the superuser password") - command.Flags().StringVar(&installOpts.SuperuserPassword, "superuser-password", "", "password for super user") - command.Flags().BoolVar(&installOpts.UpdateSignature, "update-signature", false, "force updating the server-side token signing signature") - clientConfig = cli.AddKubectlFlagsToCmd(command) - return command -} diff --git a/cmd/argocd/commands/root.go b/cmd/argocd/commands/root.go index 90355efee9..407232d1a6 100644 --- a/cmd/argocd/commands/root.go +++ b/cmd/argocd/commands/root.go @@ -28,8 +28,6 @@ func NewCommand() *cobra.Command { command.AddCommand(NewApplicationCommand(&clientOpts)) command.AddCommand(NewLoginCommand(&clientOpts)) command.AddCommand(NewRepoCommand(&clientOpts)) - command.AddCommand(NewInstallCommand()) - command.AddCommand(NewUninstallCommand()) command.AddCommand(NewContextCommand(&clientOpts)) command.AddCommand(NewProjectCommand(&clientOpts)) diff --git a/cmd/argocd/commands/uninstall.go b/cmd/argocd/commands/uninstall.go deleted file mode 100644 index e3485cebd8..0000000000 --- a/cmd/argocd/commands/uninstall.go +++ /dev/null @@ -1,40 +0,0 @@ -package commands - -import ( - "github.com/argoproj/argo-cd/errors" - "github.com/argoproj/argo-cd/install" - "github.com/argoproj/argo-cd/util/cli" - "github.com/spf13/cobra" - "k8s.io/client-go/tools/clientcmd" -) - -// NewUninstallCommand returns a new instance of `argocd install` command -func NewUninstallCommand() *cobra.Command { - var ( - clientConfig clientcmd.ClientConfig - installOpts install.InstallOptions - deleteNamespace bool - deleteCRD bool - ) - var command = &cobra.Command{ - Use: "uninstall", - Short: "Uninstall Argo CD", - Long: "Uninstall Argo CD", - Run: func(c *cobra.Command, args []string) { - conf, err := clientConfig.ClientConfig() - errors.CheckError(err) - namespace, wasSpecified, err := clientConfig.Namespace() - errors.CheckError(err) - if wasSpecified { - installOpts.Namespace = namespace - } - installer, err := install.NewInstaller(conf, installOpts) - errors.CheckError(err) - installer.Uninstall(deleteNamespace, deleteCRD) - }, - } - clientConfig = cli.AddKubectlFlagsToCmd(command) - command.Flags().BoolVar(&deleteNamespace, "delete-namespace", false, "Also delete the namespace during uninstall") - command.Flags().BoolVar(&deleteCRD, "delete-crd", false, "Also delete the Application CRD during uninstall") - return command -} diff --git a/docs/sso.md b/docs/sso.md index 376e03c366..8a66b4f168 100644 --- a/docs/sso.md +++ b/docs/sso.md @@ -45,14 +45,35 @@ data: dex.config: | connectors: - - type: github - id: github - name: GitHub - config: - clientID: 5aae0fcec2c11634be8c - clientSecret: c6fcb18177869174bd09be2c51259fb049c9d4e5 - orgs: - - name: your-github-org + # GitHub example + - type: github + id: github + name: GitHub + config: + clientID: aabbccddeeff00112233 + clientSecret: $dex.github.clientSecret + orgs: + - name: your-github-org + + # GitHub enterprise example + - type: github + id: acme-github + name: Acme GitHub + config: + hostName: github.acme.com + clientID: abcdefghijklmnopqrst + clientSecret: $dex.acme.clientSecret + orgs: + - name: your-github-org + + # OIDC example (e.g. Okta) + - type: oidc + id: okta + name: Okta + config: + issuer: https://dev-123456.oktapreview.com + clientID: aaaabbbbccccddddeee + clientSecret: $dex.okta.clientSecret ``` After saving, the changes should take affect automatically. diff --git a/install/install.go b/install/install.go deleted file mode 100644 index 61cef6cdc0..0000000000 --- a/install/install.go +++ /dev/null @@ -1,395 +0,0 @@ -package install - -import ( - "fmt" - "strings" - "syscall" - - "github.com/ghodss/yaml" - "github.com/gobuffalo/packr" - log "github.com/sirupsen/logrus" - "github.com/yudai/gojsondiff/formatter" - "golang.org/x/crypto/ssh/terminal" - appsv1beta2 "k8s.io/api/apps/v1beta2" - apiv1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" - apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" - apierr "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/client-go/discovery" - "k8s.io/client-go/dynamic" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" - - "github.com/argoproj/argo-cd/common" - "github.com/argoproj/argo-cd/errors" - "github.com/argoproj/argo-cd/util/diff" - "github.com/argoproj/argo-cd/util/kube" - "github.com/argoproj/argo-cd/util/password" - "github.com/argoproj/argo-cd/util/session" - "github.com/argoproj/argo-cd/util/settings" - tlsutil "github.com/argoproj/argo-cd/util/tls" -) - -var ( - // These values will be overridden by the link flags during build - // (e.g. imageTag will use the official release tag on tagged builds) - imageNamespace = "argoproj" - imageTag = "latest" - - // Default namespace and image names which `argocd install` uses during install - DefaultInstallNamespace = "argocd" - DefaultControllerImage = imageNamespace + "/argocd-application-controller:" + imageTag - DefaultUIImage = imageNamespace + "/argocd-ui:" + imageTag - DefaultServerImage = imageNamespace + "/argocd-server:" + imageTag - DefaultRepoServerImage = imageNamespace + "/argocd-repo-server:" + imageTag -) - -// InstallOptions stores a collection of installation settings. -type InstallOptions struct { - DryRun bool - Upgrade bool - UpdateSuperuser bool - UpdateSignature bool - SuperuserPassword string - Namespace string - ControllerImage string - UIImage string - ServerImage string - RepoServerImage string - ImagePullPolicy string -} - -type Installer struct { - InstallOptions - box packr.Box - config *rest.Config - dynClientPool dynamic.ClientPool - disco discovery.DiscoveryInterface -} - -func NewInstaller(config *rest.Config, opts InstallOptions) (*Installer, error) { - shallowCopy := *config - inst := Installer{ - InstallOptions: opts, - box: packr.NewBox("./manifests"), - config: &shallowCopy, - } - if opts.Namespace == "" { - inst.Namespace = DefaultInstallNamespace - } - var err error - inst.dynClientPool = dynamic.NewDynamicClientPool(inst.config) - inst.disco, err = discovery.NewDiscoveryClientForConfig(inst.config) - if err != nil { - return nil, err - } - return &inst, nil -} - -func (i *Installer) Install() { - i.InstallNamespace() - i.InstallApplicationCRD() - i.InstallSettings() - i.InstallRBACConfigMap() - i.InstallApplicationController() - i.InstallArgoCDServer() - i.InstallArgoCDRepoServer() -} - -func (i *Installer) Uninstall(deleteNamespace, deleteCRD bool) { - manifests := i.box.List() - for _, manifestPath := range manifests { - if strings.HasSuffix(manifestPath, ".yaml") || strings.HasSuffix(manifestPath, ".yml") { - var obj unstructured.Unstructured - i.unmarshalManifest(manifestPath, &obj) - switch strings.ToLower(obj.GetKind()) { - case "namespace": - if !deleteNamespace { - log.Infof("Skipped deletion of Namespace: '%s'", obj.GetName()) - continue - } - case "customresourcedefinition": - if !deleteCRD { - log.Infof("Skipped deletion of CustomResourceDefinition: '%s'", obj.GetName()) - continue - } - } - i.MustUninstallResource(&obj) - } - } -} - -func (i *Installer) InstallNamespace() { - if i.Namespace != DefaultInstallNamespace { - // don't create namespace if a different one was supplied - return - } - var namespace apiv1.Namespace - i.unmarshalManifest("00_namespace.yaml", &namespace) - namespace.ObjectMeta.Name = i.Namespace - i.MustInstallResource(kube.MustToUnstructured(&namespace)) -} - -func (i *Installer) InstallApplicationCRD() { - var applicationCRD apiextensionsv1beta1.CustomResourceDefinition - i.unmarshalManifest("01a_application-crd.yaml", &applicationCRD) - i.MustInstallResource(kube.MustToUnstructured(&applicationCRD)) - - var appProjectCRD apiextensionsv1beta1.CustomResourceDefinition - i.unmarshalManifest("01b_appproject-crd.yaml", &appProjectCRD) - i.MustInstallResource(kube.MustToUnstructured(&appProjectCRD)) - -} - -func (i *Installer) InstallSettings() { - kubeclientset, err := kubernetes.NewForConfig(i.config) - errors.CheckError(err) - settingsMgr := settings.NewSettingsManager(kubeclientset, i.Namespace) - cdSettings, err := settingsMgr.GetSettings() - if err != nil { - if apierr.IsNotFound(err) { - cdSettings = &settings.ArgoCDSettings{} - } else { - log.Fatal(err) - } - } - - if cdSettings.ServerSignature == nil || i.UpdateSignature { - // set JWT signature - signature, err := session.MakeSignature(32) - errors.CheckError(err) - cdSettings.ServerSignature = signature - } - - if cdSettings.LocalUsers == nil { - cdSettings.LocalUsers = make(map[string]string) - } - if _, ok := cdSettings.LocalUsers[common.ArgoCDAdminUsername]; !ok || i.UpdateSuperuser { - passwordRaw := i.SuperuserPassword - if passwordRaw == "" { - passwordRaw = readAndConfirmPassword() - } - hashedPassword, err := password.HashPassword(passwordRaw) - errors.CheckError(err) - cdSettings.LocalUsers = map[string]string{ - common.ArgoCDAdminUsername: hashedPassword, - } - } - - if cdSettings.Certificate == nil { - // generate TLS cert - hosts := []string{ - "localhost", - "argocd-server", - fmt.Sprintf("argocd-server.%s", i.Namespace), - fmt.Sprintf("argocd-server.%s.svc", i.Namespace), - fmt.Sprintf("argocd-server.%s.svc.cluster.local", i.Namespace), - } - certOpts := tlsutil.CertOptions{ - Hosts: hosts, - Organization: "Argo CD", - IsCA: true, - } - cert, err := tlsutil.GenerateX509KeyPair(certOpts) - errors.CheckError(err) - cdSettings.Certificate = cert - } - - err = settingsMgr.SaveSettings(cdSettings) - errors.CheckError(err) -} - -func (i *Installer) InstallRBACConfigMap() { - var rbacCM apiv1.ConfigMap - i.unmarshalManifest("02c_argocd-rbac-cm.yaml", &rbacCM) - _, err := i.InstallResource(kube.MustToUnstructured(&rbacCM)) - if err != nil && !apierr.IsAlreadyExists(err) { - errors.CheckError(err) - } -} - -func readAndConfirmPassword() string { - for { - fmt.Print("*** Enter an admin password: ") - password, err := terminal.ReadPassword(syscall.Stdin) - errors.CheckError(err) - fmt.Print("\n") - fmt.Print("*** Confirm the admin password: ") - confirmPassword, err := terminal.ReadPassword(syscall.Stdin) - errors.CheckError(err) - fmt.Print("\n") - if string(password) == string(confirmPassword) { - return string(password) - } - log.Error("Passwords do not match") - } -} - -func (i *Installer) InstallApplicationController() { - var applicationControllerServiceAccount apiv1.ServiceAccount - var applicationControllerRole rbacv1.Role - var applicationControllerRoleBinding rbacv1.RoleBinding - var applicationControllerDeployment appsv1beta2.Deployment - i.unmarshalManifest("03a_application-controller-sa.yaml", &applicationControllerServiceAccount) - i.unmarshalManifest("03b_application-controller-role.yaml", &applicationControllerRole) - i.unmarshalManifest("03c_application-controller-rolebinding.yaml", &applicationControllerRoleBinding) - i.unmarshalManifest("03d_application-controller-deployment.yaml", &applicationControllerDeployment) - applicationControllerDeployment.Spec.Template.Spec.Containers[0].Image = i.ControllerImage - applicationControllerDeployment.Spec.Template.Spec.Containers[0].ImagePullPolicy = apiv1.PullPolicy(i.ImagePullPolicy) - i.MustInstallResource(kube.MustToUnstructured(&applicationControllerServiceAccount)) - i.MustInstallResource(kube.MustToUnstructured(&applicationControllerRole)) - i.MustInstallResource(kube.MustToUnstructured(&applicationControllerRoleBinding)) - i.MustInstallResource(kube.MustToUnstructured(&applicationControllerDeployment)) -} - -func (i *Installer) InstallArgoCDServer() { - var argoCDServerServiceAccount apiv1.ServiceAccount - var argoCDServerControllerRole rbacv1.Role - var argoCDServerControllerRoleBinding rbacv1.RoleBinding - var argoCDServerControllerDeployment appsv1beta2.Deployment - var argoCDServerService apiv1.Service - i.unmarshalManifest("04a_argocd-server-sa.yaml", &argoCDServerServiceAccount) - i.unmarshalManifest("04b_argocd-server-role.yaml", &argoCDServerControllerRole) - i.unmarshalManifest("04c_argocd-server-rolebinding.yaml", &argoCDServerControllerRoleBinding) - i.unmarshalManifest("04d_argocd-server-deployment.yaml", &argoCDServerControllerDeployment) - i.unmarshalManifest("04e_argocd-server-service.yaml", &argoCDServerService) - argoCDServerControllerDeployment.Spec.Template.Spec.InitContainers[0].Image = i.ServerImage - argoCDServerControllerDeployment.Spec.Template.Spec.InitContainers[0].ImagePullPolicy = apiv1.PullPolicy(i.ImagePullPolicy) - argoCDServerControllerDeployment.Spec.Template.Spec.InitContainers[1].Image = i.UIImage - argoCDServerControllerDeployment.Spec.Template.Spec.InitContainers[1].ImagePullPolicy = apiv1.PullPolicy(i.ImagePullPolicy) - argoCDServerControllerDeployment.Spec.Template.Spec.Containers[0].Image = i.ServerImage - argoCDServerControllerDeployment.Spec.Template.Spec.Containers[0].ImagePullPolicy = apiv1.PullPolicy(i.ImagePullPolicy) - i.MustInstallResource(kube.MustToUnstructured(&argoCDServerServiceAccount)) - i.MustInstallResource(kube.MustToUnstructured(&argoCDServerControllerRole)) - i.MustInstallResource(kube.MustToUnstructured(&argoCDServerControllerRoleBinding)) - i.MustInstallResource(kube.MustToUnstructured(&argoCDServerControllerDeployment)) - i.MustInstallResource(kube.MustToUnstructured(&argoCDServerService)) - -} - -func (i *Installer) InstallArgoCDRepoServer() { - var argoCDRepoServerControllerDeployment appsv1beta2.Deployment - var argoCDRepoServerService apiv1.Service - i.unmarshalManifest("05a_argocd-repo-server-deployment.yaml", &argoCDRepoServerControllerDeployment) - i.unmarshalManifest("05b_argocd-repo-server-service.yaml", &argoCDRepoServerService) - argoCDRepoServerControllerDeployment.Spec.Template.Spec.Containers[0].Image = i.RepoServerImage - argoCDRepoServerControllerDeployment.Spec.Template.Spec.Containers[0].ImagePullPolicy = apiv1.PullPolicy(i.ImagePullPolicy) - i.MustInstallResource(kube.MustToUnstructured(&argoCDRepoServerControllerDeployment)) - i.MustInstallResource(kube.MustToUnstructured(&argoCDRepoServerService)) -} - -func (i *Installer) unmarshalManifest(fileName string, obj interface{}) { - yamlBytes, err := i.box.MustBytes(fileName) - errors.CheckError(err) - err = yaml.Unmarshal(yamlBytes, obj) - errors.CheckError(err) -} - -func (i *Installer) MustInstallResource(obj *unstructured.Unstructured) *unstructured.Unstructured { - obj, err := i.InstallResource(obj) - errors.CheckError(err) - return obj -} - -func isNamespaced(obj *unstructured.Unstructured) bool { - switch obj.GetKind() { - case "Namespace", "ClusterRole", "ClusterRoleBinding", "CustomResourceDefinition": - return false - } - return true -} - -// InstallResource creates or updates a resource. If installed resource is up-to-date, does nothing -func (i *Installer) InstallResource(obj *unstructured.Unstructured) (*unstructured.Unstructured, error) { - if isNamespaced(obj) { - obj.SetNamespace(i.Namespace) - } - // remove 'creationTimestamp' and 'status' fields from object so that the diff will not be modified - obj.SetCreationTimestamp(metav1.Time{}) - delete(obj.Object, "status") - if i.DryRun { - printYAML(obj) - return nil, nil - } - gvk := obj.GroupVersionKind() - dclient, err := i.dynClientPool.ClientForGroupVersionKind(gvk) - if err != nil { - return nil, err - } - apiResource, err := kube.ServerResourceForGroupVersionKind(i.disco, gvk) - if err != nil { - return nil, err - } - reIf := dclient.Resource(apiResource, i.Namespace) - liveObj, err := reIf.Create(obj) - if err == nil { - fmt.Printf("%s '%s' created\n", liveObj.GetKind(), liveObj.GetName()) - return liveObj, nil - } - if !apierr.IsAlreadyExists(err) { - return nil, err - } - liveObj, err = reIf.Get(obj.GetName(), metav1.GetOptions{}) - if err != nil { - return nil, err - } - diffRes := diff.Diff(obj, liveObj) - if !diffRes.Modified { - fmt.Printf("%s '%s' up-to-date\n", liveObj.GetKind(), liveObj.GetName()) - return liveObj, nil - } - if !i.Upgrade { - log.Println(diffRes.ASCIIFormat(obj, formatter.AsciiFormatterConfig{})) - return nil, fmt.Errorf("%s '%s' already exists. Rerun with --upgrade to update", obj.GetKind(), obj.GetName()) - - } - liveObj, err = reIf.Update(obj) - if err != nil { - return nil, err - } - fmt.Printf("%s '%s' updated\n", liveObj.GetKind(), liveObj.GetName()) - return liveObj, nil -} - -func (i *Installer) MustUninstallResource(obj *unstructured.Unstructured) { - err := i.UninstallResource(obj) - errors.CheckError(err) -} - -// UninstallResource deletes a resource from the cluster -func (i *Installer) UninstallResource(obj *unstructured.Unstructured) error { - if isNamespaced(obj) { - obj.SetNamespace(i.Namespace) - } - gvk := obj.GroupVersionKind() - dclient, err := i.dynClientPool.ClientForGroupVersionKind(gvk) - if err != nil { - return err - } - apiResource, err := kube.ServerResourceForGroupVersionKind(i.disco, gvk) - if err != nil { - return err - } - reIf := dclient.Resource(apiResource, i.Namespace) - deletePolicy := metav1.DeletePropagationForeground - err = reIf.Delete(obj.GetName(), &metav1.DeleteOptions{PropagationPolicy: &deletePolicy}) - if err != nil { - if apierr.IsNotFound(err) { - fmt.Printf("%s '%s' not found\n", obj.GetKind(), obj.GetName()) - return nil - } - return err - } - fmt.Printf("%s '%s' deleted\n", obj.GetKind(), obj.GetName()) - return nil -} - -func printYAML(obj interface{}) { - objBytes, err := yaml.Marshal(obj) - if err != nil { - log.Fatalf("Failed to marshal %v", obj) - } - fmt.Printf("---\n%s\n", string(objBytes)) -} diff --git a/install/manifests/02a_argocd-cm.yaml b/install/manifests/02a_argocd-cm.yaml deleted file mode 100644 index d80812e7ab..0000000000 --- a/install/manifests/02a_argocd-cm.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# NOTE: the values here are just a example and are not the values used during an install. -apiVersion: v1 -kind: ConfigMap -metadata: - name: argocd-cm -data: - # url is the externally facing base URL of ArgoCD. - # This field is required when configuring SSO, which ArgoCD uses as part the redirectURI for the - # dex connectors. When configuring the application in the SSO provider (e.g. github, okta), the - # authorization callback URL will be url + /api/dex/callback. For example, if ArgoCD's url is - # https://example.com, then the auth callback to set in the SSO provider should be: - # https://example.com/api/dex/callback - url: http://localhost:8080 - - # dex.config holds the contents of the configuration yaml for the dex OIDC/Oauth2 provider sidecar. - # Only a subset of a full dex config is required, namely the connectors list. ArgoCD will generate - # the complete dex config based on the configured URL, and the known callback endpoint which the - # ArgoCD API server exposes (i.e. /api/dex/callback). - dex.config: | - # connectors is a list of dex connector configurations. For details on available connectors and - # how to configure them, see: https://github.com/coreos/dex/tree/master/Documentation/connectors - # NOTE: - # * Any values which start with '$' will look to a key in argocd-secret of the same name, to - # obtain the actual value. - # * ArgoCD will automatically set the 'redirectURI' field in any OAuth2 connectors, to match the - # external callback URL (e.g. https://example.com/api/dex/callback) - connectors: - # GitHub example - - type: github - id: github - name: GitHub - config: - clientID: aabbccddeeff00112233 - clientSecret: $dex.github.clientSecret - orgs: - - name: your-github-org - - # GitHub enterprise example - - type: github - id: acme-github - name: Acme GitHub - config: - hostName: github.acme.com - clientID: abcdefghijklmnopqrst - clientSecret: $dex.acme.clientSecret - orgs: - - name: your-github-org - - # OIDC example (e.g. Okta) - - type: oidc - id: okta - name: Okta - config: - issuer: https://dev-123456.oktapreview.com - clientID: aaaabbbbccccddddeee - clientSecret: $dex.okta.clientSecret diff --git a/install/manifests/00_namespace.yaml b/manifests/00_namespace.yaml similarity index 100% rename from install/manifests/00_namespace.yaml rename to manifests/00_namespace.yaml diff --git a/install/manifests/01a_application-crd.yaml b/manifests/01a_application-crd.yaml similarity index 100% rename from install/manifests/01a_application-crd.yaml rename to manifests/01a_application-crd.yaml diff --git a/install/manifests/01b_appproject-crd.yaml b/manifests/01b_appproject-crd.yaml similarity index 100% rename from install/manifests/01b_appproject-crd.yaml rename to manifests/01b_appproject-crd.yaml diff --git a/manifests/02a_argocd-cm.yaml b/manifests/02a_argocd-cm.yaml new file mode 100644 index 0000000000..39a56dc1e8 --- /dev/null +++ b/manifests/02a_argocd-cm.yaml @@ -0,0 +1,9 @@ +# NOTE: the values here are just a example and are not the values used during an install. +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cm +data: + # please see https://github.com/argoproj/argo-cd/blob/master/docs/sso.md#2-configure-argocd-for-sso + # for more details about how to setup data config needed for sso + \ No newline at end of file diff --git a/install/manifests/02b_argocd-secret.yaml b/manifests/02b_argocd-secret.yaml similarity index 50% rename from install/manifests/02b_argocd-secret.yaml rename to manifests/02b_argocd-secret.yaml index 8fdcb0256a..2a52e5f051 100644 --- a/install/manifests/02b_argocd-secret.yaml +++ b/manifests/02b_argocd-secret.yaml @@ -5,22 +5,10 @@ kind: Secret metadata: name: argocd-secret type: Opaque -stringData: # bcrypt hash of the string "password" - admin.password: $2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W # random server signature key for session validation - server.secretkey: aEDvv73vv70F77+9CRBSNu+/vTYQ77+9EUFh77+9LzFyJ++/vXfLsO+/vWRbeu+/ve+/vQ== # The following keys hold the shared secret for authenticating GitHub/GitLab/BitBucket webhook # events. To enable webhooks, configure one or more of the following keys with the shared git # provider webhook secret. The payload URL configured in the git provider should use the - # /api/webhook endpoint of your ArgoCD instance (e.g. https://argocd.example.com/api/webhook) - github.webhook.secret: shhhh! it's a github secret - gitlab.webhook.secret: shhhh! it's a gitlab secret - bitbucket.webhook.uuid: your-bitbucket-uuid - - # the following of user defined keys which are referenced in the example argocd-cm configmap - # as pat of SSO configuration. - dex.github.clientSecret: nv1vx8w4gw5byrflujfkxww6ykh85yq818aorvwy - dex.acme.clientSecret: 5pp7dyre3d5nyk0ree1tr0gd68k18xn94x8lfae9 - dex.okta.clientSecret: x41ztv6ufyf07oyoopc6f62p222c00mox2ciquvt + # /api/webhook endpoint of your ArgoCD instance (e.g. https://argocd.example.com/api/webhook) \ No newline at end of file diff --git a/install/manifests/02c_argocd-rbac-cm.yaml b/manifests/02c_argocd-rbac-cm.yaml similarity index 100% rename from install/manifests/02c_argocd-rbac-cm.yaml rename to manifests/02c_argocd-rbac-cm.yaml diff --git a/install/manifests/03a_application-controller-sa.yaml b/manifests/03a_application-controller-sa.yaml similarity index 100% rename from install/manifests/03a_application-controller-sa.yaml rename to manifests/03a_application-controller-sa.yaml diff --git a/install/manifests/03b_application-controller-role.yaml b/manifests/03b_application-controller-role.yaml similarity index 100% rename from install/manifests/03b_application-controller-role.yaml rename to manifests/03b_application-controller-role.yaml diff --git a/install/manifests/03c_application-controller-rolebinding.yaml b/manifests/03c_application-controller-rolebinding.yaml similarity index 100% rename from install/manifests/03c_application-controller-rolebinding.yaml rename to manifests/03c_application-controller-rolebinding.yaml diff --git a/install/manifests/03d_application-controller-deployment.yaml b/manifests/03d_application-controller-deployment.yaml similarity index 100% rename from install/manifests/03d_application-controller-deployment.yaml rename to manifests/03d_application-controller-deployment.yaml diff --git a/install/manifests/04a_argocd-server-sa.yaml b/manifests/04a_argocd-server-sa.yaml similarity index 100% rename from install/manifests/04a_argocd-server-sa.yaml rename to manifests/04a_argocd-server-sa.yaml diff --git a/install/manifests/04b_argocd-server-role.yaml b/manifests/04b_argocd-server-role.yaml similarity index 100% rename from install/manifests/04b_argocd-server-role.yaml rename to manifests/04b_argocd-server-role.yaml diff --git a/install/manifests/04c_argocd-server-rolebinding.yaml b/manifests/04c_argocd-server-rolebinding.yaml similarity index 100% rename from install/manifests/04c_argocd-server-rolebinding.yaml rename to manifests/04c_argocd-server-rolebinding.yaml diff --git a/install/manifests/04d_argocd-server-deployment.yaml b/manifests/04d_argocd-server-deployment.yaml similarity index 100% rename from install/manifests/04d_argocd-server-deployment.yaml rename to manifests/04d_argocd-server-deployment.yaml diff --git a/install/manifests/04e_argocd-server-service.yaml b/manifests/04e_argocd-server-service.yaml similarity index 100% rename from install/manifests/04e_argocd-server-service.yaml rename to manifests/04e_argocd-server-service.yaml diff --git a/install/manifests/05a_argocd-repo-server-deployment.yaml b/manifests/05a_argocd-repo-server-deployment.yaml similarity index 100% rename from install/manifests/05a_argocd-repo-server-deployment.yaml rename to manifests/05a_argocd-repo-server-deployment.yaml diff --git a/install/manifests/05b_argocd-repo-server-service.yaml b/manifests/05b_argocd-repo-server-service.yaml similarity index 100% rename from install/manifests/05b_argocd-repo-server-service.yaml rename to manifests/05b_argocd-repo-server-service.yaml diff --git a/server/server.go b/server/server.go index 259088bd6a..4b32ce991b 100644 --- a/server/server.go +++ b/server/server.go @@ -31,6 +31,8 @@ import ( argocd "github.com/argoproj/argo-cd" "github.com/argoproj/argo-cd/common" "github.com/argoproj/argo-cd/errors" + apierr "k8s.io/apimachinery/pkg/api/errors" + "github.com/argoproj/argo-cd/pkg/apiclient" appclientset "github.com/argoproj/argo-cd/pkg/client/clientset/versioned" "github.com/argoproj/argo-cd/reposerver" @@ -47,6 +49,7 @@ import ( dexutil "github.com/argoproj/argo-cd/util/dex" grpc_util "github.com/argoproj/argo-cd/util/grpc" jsonutil "github.com/argoproj/argo-cd/util/json" + "github.com/argoproj/argo-cd/util/password" "github.com/argoproj/argo-cd/util/rbac" util_session "github.com/argoproj/argo-cd/util/session" settings_util "github.com/argoproj/argo-cd/util/settings" @@ -103,10 +106,66 @@ type ArgoCDServerOpts struct { RepoClientset reposerver.Clientset } +//initializeSettings sets default secret settings (password set to hostname) +func initializeSettings(settingsMgr *settings_util.SettingsManager, opts ArgoCDServerOpts) (*settings_util.ArgoCDSettings, error) { + cdSettings, err := settingsMgr.GetSettings() + if err != nil { + if apierr.IsNotFound(err) { + log.Fatal(err) + } + } + + if cdSettings.ServerSignature == nil { + // set JWT signature + signature, err := util_session.MakeSignature(32) + errors.CheckError(err) + cdSettings.ServerSignature = signature + } + + if cdSettings.LocalUsers == nil { + cdSettings.LocalUsers = make(map[string]string) + } + + if _, ok := cdSettings.LocalUsers[common.ArgoCDAdminUsername]; !ok { + //placeholder for when we replace this with get pod + passwordRaw, err := os.Hostname() + errors.CheckError(err) + hashedPassword, err := password.HashPassword(passwordRaw) + errors.CheckError(err) + log.Infof("password set to %s", passwordRaw) + cdSettings.LocalUsers = map[string]string{ + common.ArgoCDAdminUsername: hashedPassword, + } + } + + if cdSettings.Certificate == nil { + // generate TLS cert + hosts := []string{ + "localhost", + "argocd-server", + fmt.Sprintf("argocd-server.%s", opts.Namespace), + fmt.Sprintf("argocd-server.%s.svc", opts.Namespace), + fmt.Sprintf("argocd-server.%s.svc.cluster.local", opts.Namespace), + } + certOpts := tlsutil.CertOptions{ + Hosts: hosts, + Organization: "Argo CD", + IsCA: true, + } + cert, err := tlsutil.GenerateX509KeyPair(certOpts) + errors.CheckError(err) + cdSettings.Certificate = cert + } + + err = settingsMgr.SaveSettings(cdSettings) + errors.CheckError(err) + return cdSettings, nil +} + // NewServer returns a new instance of the ArgoCD API server func NewServer(opts ArgoCDServerOpts) *ArgoCDServer { settingsMgr := settings_util.NewSettingsManager(opts.KubeClientset, opts.Namespace) - settings, err := settingsMgr.GetSettings() + settings, err := initializeSettings(settingsMgr, opts) errors.CheckError(err) sessionMgr := util_session.NewSessionManager(settings) diff --git a/test/e2e/fixture.go b/test/e2e/fixture.go index 48bb138fe3..f56694313a 100644 --- a/test/e2e/fixture.go +++ b/test/e2e/fixture.go @@ -24,7 +24,6 @@ import ( "github.com/argoproj/argo-cd/cmd/argocd/commands" "github.com/argoproj/argo-cd/common" "github.com/argoproj/argo-cd/controller" - "github.com/argoproj/argo-cd/install" argocdclient "github.com/argoproj/argo-cd/pkg/apiclient" "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/pkg/client/clientset/versioned" @@ -90,12 +89,10 @@ func getFreePort() (int, error) { } func (f *Fixture) setup() error { - installer, err := install.NewInstaller(f.Config, install.InstallOptions{}) + _, err := exec.Command("kubectl", "apply", "-f", "../../manifests/01a_application-crd.yaml", "-f", "../../manifests/01b_appproject-crd.yaml").Output() if err != nil { return err } - installer.InstallApplicationCRD() - cm := v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDRBACConfigMapName, diff --git a/util/settings/settings.go b/util/settings/settings.go index eccc5a0457..b22f99084f 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -92,7 +92,7 @@ func (mgr *SettingsManager) GetSettings() (*ArgoCDSettings, error) { } err = updateSettingsFromSecret(&settings, argoCDSecret) if err != nil { - return nil, err + return &settings, err } return &settings, nil }