# Base DNS name that the tasks in this file append to each service host name.
# TODO: changing it here will not work with any value but the default, because the
# default is hardcoded everywhere else.
param (
    $dnsname = "platform.local"
)
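task cert_up {
    # Creates a local root CA (private key + self-signed certificate), copies the
    # certificate into the argocd secrets folder and adds it to the current user's
    # trusted root store. Throws if the root CA directory already exists.
    #
    # NOTE(security): the CA private key is written unencrypted (genrsa is called
    # without a cipher option) and the CA becomes a trusted root for this user.
    # Anyone who can read root-ca-key.pem can issue certificates that this account
    # will trust, so keep 0_certs out of version control and shared folders, and
    # remove the CA from cert:\CurrentUser\Root when the environment is retired.
    $caDir = '0_certs/root-ca'
    $caKey = "./$caDir/root-ca-key.pem"
    $caCert = "./$caDir/root-ca.pem"
    $argoSecrets = './2_platform/argocd/secrets'

    if (Test-Path $caDir) {
        throw "Root CA already exists"
    }

    # create a git ignored directory to store the root CA certificate and private key
    New-Item -ItemType Directory -Path $caDir -Force | Out-Null

    # create a new private key for the root CA
    openssl genrsa -out $caKey 2048 | Out-Null
    if ($LASTEXITCODE -ne 0) {
        # Stop here so a missing key never leads to a half-built CA being trusted.
        throw "openssl genrsa failed with exit code $LASTEXITCODE"
    }

    # create a self-signed root CA certificate using the private key
    openssl req -x509 -new -nodes -key $caKey -days 3650 -sha256 -out $caCert -subj "/CN=kube-ca" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "openssl req failed with exit code $LASTEXITCODE"
    }

    # Copy the cert over to argocd app so that its kustomize can reference it for oidc.
    # -Force keeps this step working when the secrets directory already exists.
    New-Item -ItemType Directory -Path $argoSecrets -Force | Out-Null
    Copy-Item $caCert "$argoSecrets/root-ca.pem"

    # import the root CA certificate into the local machine's trusted root certificate store
    # (the store location used is the current user's Root store)
    Import-Certificate -FilePath $caCert -CertStoreLocation cert:\CurrentUser\Root
}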
task cluster_up {
    # Apply the cluster definition stored under 1_cluster/kind with ctlptl.
    $clusterSpec = '1_cluster/kind/cluster.yaml'
    ctlptl apply -f $clusterSpec
}
task cluster_down {
    # Delete whatever the cluster definition under 1_cluster/kind describes, via ctlptl.
    $clusterSpec = '1_cluster/kind/cluster.yaml'
    ctlptl delete -f $clusterSpec
}
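task platform_up {
    # Run `tilt up` from the 2_platform directory.
    Push-Location 2_platform
    try {
        tilt up
    }
    finally {
        # Restore the previous location even when tilt cannot be started or throws.
        Pop-Location
    }
}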
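task platform_down {
    # Run `tilt down` from the 2_platform directory.
    Push-Location 2_platform
    try {
        tilt down
    }
    finally {
        # Restore the previous location even when tilt cannot be started or throws.
        Pop-Location
    }
}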
# Placeholder: no backstage start-up steps are defined yet.
task backstage_up {
}
# Placeholder: no backstage tear-down steps are defined yet.
task backstage_down {
}
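task apps_up {
    # Run `tilt up` from the 3_gitops directory.
    Push-Location 3_gitops
    try {
        tilt up
    }
    finally {
        # Restore the previous location even when tilt cannot be started or throws.
        Pop-Location
    }
}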
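task apps_down {
    # Run `tilt down` from the 3_gitops directory.
    Push-Location 3_gitops
    try {
        tilt down
    }
    finally {
        # Restore the previous location even when tilt cannot be started or throws.
        Pop-Location
    }
}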
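task crossplane_up {
    # Run `tilt up` from the 4_crossplane directory.
    Push-Location 4_crossplane
    try {
        tilt up
    }
    finally {
        # Restore the previous location even when tilt cannot be started or throws.
        Pop-Location
    }
}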
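task crossplane_down {
    # Run `tilt down` from the 4_crossplane directory.
    Push-Location 4_crossplane
    try {
        tilt down
    }
    finally {
        # Restore the previous location even when tilt cannot be started or throws.
        Pop-Location
    }
}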
task local_dns {
    # Prints the loopback host entries for the platform services and opens the Windows
    # hosts file in VS Code. The entries are pasted by hand; this task does not edit
    # the hosts file itself.
    Write-Host "copy and paste into your host files (need to save as admin)"

    # The here-string body stays at column 0 so the printed lines carry no extra indent.
    $hostEntries = @"
############################################
127.0.0.1 backstage.$dnsname
127.0.0.1 kc.$dnsname
127.0.0.1 argocd.$dnsname
127.0.0.1 pg.$dnsname
127.0.0.1 echo.$dnsname
############################################
"@
    Write-Host $hostEntries

    code c:\windows\system32\drivers\etc\hosts
}
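task bootstrap {
    # Prompts for the platform user's name, password and email, then renders them into
    # two patch files under 2_platform.
    #
    # NOTE(security): both generated files hold the password in clear text. Keep them
    # out of version control and shared folders.
    # TODO confirm the repository's ignore rules cover both output paths.

    # The here-strings are YAML, so their inner indentation is significant; they start
    # at column 0 because leading whitespace would become part of the file.
    # {0}, {1} and {2} are placeholders for the -f format operator.
    $kcadminpatchpattern = @"
- op: add
  path: /data/KEYCLOAK_ADMIN
  value: {0}
- op: add
  path: /data/KEYCLOAK_ADMIN_PASSWORD
  value: {1}
"@
    $kcauthpatchpattern = @"
- op: add
  path: /spec/template/spec/containers/0/env
  value:
    - name: KEYCLOAK_ADMIN
      value: {0}
    - name: KEYCLOAK_ADMIN_PASSWORD
      value: {1}
    - name: KEYCLOAK_ADMIN_EMAIL
      value: {2}
"@

    # Render every value as a single-quoted YAML scalar so input such as 123456, true,
    # #abc or "a: b" stays a string and cannot change the structure of the patch.
    # Inside YAML single quotes the only escape is a doubled quote.
    $toYamlString = { param($text) "'" + ($text -replace "'", "''") + "'" }

    # Pick a username and a default password to use for the platform.
    $username = Read-Host -Prompt "Enter a username for the platform"
    $password = Read-Host -Prompt "Enter a password for your platform user" -MaskInput
    if ([string]::IsNullOrWhiteSpace($username) -or [string]::IsNullOrEmpty($password)) {
        # An empty value would otherwise be written as an empty admin credential.
        throw "Username and password must not be empty"
    }

    # Characters rejected up front: backtick, single quote, double quote and dollar sign.
    $forbiddenCharacters = '`''"$'
    if ($password -match "[$forbiddenCharacters]") {
        throw "Password cannot contain any of the following characters: $forbiddenCharacters (because I couldn't get the curl command to escape them :D)"
    }
    $email = Read-Host -Prompt "Enter an email for your platform user"

    $quotedUsername = & $toYamlString $username
    $quotedPassword = & $toYamlString $password
    $quotedEmail = & $toYamlString $email

    $kcadminpatchpattern -f $quotedUsername, $quotedPassword > 2_platform/keycloak/keycloak-admin-patch.yaml
    $kcauthpatchpattern -f $quotedUsername, $quotedPassword, $quotedEmail > 2_platform/keycloak-auth-patch.yaml
}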
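task prereqs {
    # Checks that each required command-line tool can be resolved with Get-Command and
    # offers to install the missing ones with scoop (installing scoop first if needed).
    $reqs = @(
        "kubectl",
        "kind",
        "tilt",
        "ctlptl",
        "openssl",
        "helm",
        "kustomize"
    )

    foreach ($req in $reqs) {
        if (Get-Command $req -ErrorAction SilentlyContinue) {
            Write-Host "$req found"
            continue
        }

        Write-Host "$req not found. Please install it and try again"

        if (-not (Get-Command scoop -ErrorAction SilentlyContinue)) {
            $installScoop = Read-Host -Prompt "Would you like to install scoop? (y/n)"
            if ($installScoop -ne "y") {
                # Without scoop this task has no way to install anything; stop checking.
                break
            }

            # NOTE(security): the next three lines relax the current user's execution
            # policy, execute a script fetched at run time with no pinned version or
            # integrity check, and register a third-party bucket. Whoever controls
            # get.scoop.sh or the bucket repository controls what runs under this
            # account. Where that matters, save the installer to a file and review it
            # before running it instead of piping it into Invoke-Expression.
            Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
            Invoke-RestMethod -Uri https://get.scoop.sh | Invoke-Expression
            scoop bucket add tilt-dev https://github.com/tilt-dev/scoop-bucket
        }

        $installNowWithScoop = Read-Host -Prompt "Would you like to install $req with scoop now? (y/n)"
        if ($installNowWithScoop -eq "y") {
            scoop install $req
        }
    }
}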
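task changebranch {
    # Toggles the branch referenced in every gitops-*.yaml file below the current
    # directory: a file that mentions ": main" is switched to the checked-out branch,
    # any other file is switched from the checked-out branch back to main.
    $mainbranch = 'main'
    $currentBranch = git rev-parse --abbrev-ref HEAD
    if ($LASTEXITCODE -ne 0 -or -not $currentBranch) {
        # Rewriting files with an empty branch name would corrupt every reference.
        throw "Could not determine the current git branch"
    }

    # Branch names can contain regex metacharacters such as '.' or '+', so escape them.
    # The lookahead stops ": main" from matching the start of a longer name such as
    # ": main-fix", which would otherwise be rewritten a second time on the next toggle.
    $branchEnd = '(?![\w./-])'
    $mainPattern = ': ' + [regex]::Escape($mainbranch) + $branchEnd
    $currentPattern = ': ' + [regex]::Escape($currentBranch) + $branchEnd

    # '$' is special in a -replace substitution string; double it to keep it literal.
    $mainReplacement = ': ' + $mainbranch.Replace('$', '$$')
    $currentReplacement = ': ' + $currentBranch.Replace('$', '$$')

    foreach ($file in Get-ChildItem -Recurse -Filter 'gitops-*.yaml') {
        # FullName avoids resolving a bare file name against the wrong directory.
        $content = Get-Content $file.FullName
        if ($content -match $mainPattern) {
            $content = $content -replace $mainPattern, $currentReplacement
        }
        else {
            $content = $content -replace $currentPattern, $mainReplacement
        }
        $content | Set-Content $file.FullName
    }
}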
# Short alias for changebranch.
task cb changebranch
# Alias for local_dns.
task dns_local local_dns
# First-time setup: references prereqs, bootstrap, cert_up and local_dns, in that order.
task init prereqs, bootstrap, cert_up, local_dns
# References cluster_up, then crossplane_up.
# NOTE(review): platform_up and apps_up are not part of this chain; confirm that is intended.
task up cluster_up, crossplane_up
# References cluster_down only.
task down cluster_down