From e1fa42703661c7dfb034b43618bb14fc61f82417 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Fri, 6 Nov 2020 10:19:57 +0100 Subject: [PATCH] Get rid of grafana ldap toml --- charts/prometheus/grafana-ldap-toml.yaml | 14 -------- clusters/k0/default.nix | 13 ------- clusters/k1/default.nix | 13 ------- clusters/k2/default.nix | 13 ------- modules/k8s.nix | 45 ++++++++++++++++-------- 5 files changed, 30 insertions(+), 68 deletions(-) delete mode 100644 charts/prometheus/grafana-ldap-toml.yaml diff --git a/charts/prometheus/grafana-ldap-toml.yaml b/charts/prometheus/grafana-ldap-toml.yaml deleted file mode 100644 index a565862..0000000 --- a/charts/prometheus/grafana-ldap-toml.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: List -metadata: {} -items: -- apiVersion: v1 - kind: Secret - type: Opaque - metadata: - labels: - app: grafana - name: grafana-ldap-toml - namespace: prometheus - data: - ldap-toml: @grafana_ldap_toml@ diff --git a/clusters/k0/default.nix b/clusters/k0/default.nix index 4509c88..a7563c9 100644 --- a/clusters/k0/default.nix +++ b/clusters/k0/default.nix @@ -41,19 +41,6 @@ let acme_email = "innovasjon@itpartner.no"; grafana_smtp_user = "utvikling"; grafana_smtp_password = "S0m3rp0m@de#21!"; - grafana_ldap_toml = '' - verbose_logging = true - [[servers]] - host = "itp-dc1.itpartner.intern" - port = 636 - use_ssl = true - start_tls = false - ssl_skip_verify = true - bind_dn = "gitlab@itpartner.intern" - bind_password = "hipp hopp snipp snopp" - search_filter = "(&(objectClass=user)(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))" - search_base_dns = ["DC=itpartner,DC=intern"] - ''; }; }; }; diff --git a/clusters/k1/default.nix b/clusters/k1/default.nix index 79de0d3..d9ff4a1 100644 --- a/clusters/k1/default.nix +++ b/clusters/k1/default.nix 
@@ -42,19 +42,6 @@ let acme_email = "innovasjon@itpartner.no"; grafana_smtp_user = "utvikling"; grafana_smtp_password = "S0m3rp0m@de#21!"; - grafana_ldap_toml = '' - verbose_logging = true - [[servers]] - host = "itp-dc1.itpartner.intern" - port = 636 - use_ssl = true - start_tls = false - ssl_skip_verify = true - bind_dn = "gitlab@itpartner.intern" - bind_password = "hipp hopp snipp snopp" - search_filter = "(&(objectClass=user)(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))" - search_base_dns = ["DC=itpartner,DC=intern"] - ''; }; }; }; diff --git a/clusters/k2/default.nix b/clusters/k2/default.nix index 9b5a9e3..4553fb3 100644 --- a/clusters/k2/default.nix +++ b/clusters/k2/default.nix @@ -43,19 +43,6 @@ let acme_email = "innovasjon@itpartner.no"; grafana_smtp_user = "utvikling"; grafana_smtp_password = "S0m3rp0m@de#21!"; - grafana_ldap_toml = '' - verbose_logging = true - [[servers]] - host = "itp-dc1.itpartner.intern" - port = 636 - use_ssl = true - start_tls = false - ssl_skip_verify = true - bind_dn = "gitlab@itpartner.intern" - bind_password = "hipp hopp snipp snopp" - search_filter = "(&(objectClass=user)(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))" - search_base_dns = ["DC=itpartner,DC=intern"] - ''; }; }; }; diff --git a/modules/k8s.nix b/modules/k8s.nix index 5836749..ba4b558 100644 --- a/modules/k8s.nix +++ b/modules/k8s.nix @@ -38,15 +38,22 @@ let ''; }; + kubernetes-charts = pkgs.stdenv.mkDerivation rec { + name = "kubernetes-charts"; + src = ../charts; + buildCommand = '' + mkdir -p $out/share/${name} + cp -r $src/* $out/share${name} + ''; + }; + show-kubernetes-charts-config = let ingressNodes = builtins.foldl' (a: x: a + ", ${x}") "${cfg.k8s.master.name}" cfg.k8s.extraIngressNodes; - ingressReplicas = + ingressReplicaCount = builtins.toString (1 + builtins.length cfg.k8s.extraIngressNodes); - grafanaLdap = pkgs.writeText "grafana-ldap.toml" - cfg.k8s.charts.grafana_ldap_toml; in pkgs.writeScriptBin "show-kubernetes-charts-config" '' 
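Review bot: The `cp` destination in the new `kubernetes-charts` derivation is missing a slash: `$out/share${name}` expands to `$out/sharekubernetes-charts`, not the `$out/share/kubernetes-charts` directory created on the line before. Depending on how many entries `../charts` holds, the build either fails or puts the charts at the wrong path; the line should read `cp -r $src/* $out/share/${name}`. Also note that `src = ../charts` copies the whole directory into the Nix store, which every local user can read, so chart files should carry only `@placeholder@` values and never real Secret data. The enclosing `let` block starts and ends outside the hunk.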
@@ -54,42 +61,54 @@ let cat << EOF # Generated by show-kubernetes-charts-config # $(date) + # Charts in ${kubernetes-charts} vars=( initca="${pki.initca}" apiserver="${cfg.k8s.master.name}" cluster="${cfg.clusterName}" ingress_nodes="[ ${ingressNodes} ]" - ingress_replicas="${ingressReplicas}" + ingress_replica_count="${ingressReplicaCount}" filseserver="${cfg.k8s.fileserver}" acme_email="${cfg.k8s.charts.acme_email}" grafana_smtp_user="$(echo -n ${cfg.k8s.charts.grafana_smtp_user} | base64 -w0)" grafana_smtp_password="$(echo -n ${cfg.k8s.charts.grafana_smtp_password} | base64 -w0)" - grafana_ldap_toml="$(cat ${grafanaLdap} | base64 -w0)" ) EOF cat << 'EOF' - make_substitutions () { + substitute_all () { read x - for i in "''${vars[@]}"; do + subs=("$@") + for i in "''${subs[@]}"; do k=$(echo "$i" | cut -d= -f1) v=$(echo "$i" | cut -d= -f2) echo "$x" | sed "s/@$k@/$v/g" done } + substitute_defaults () { + substitute_all "''${vars[@]}" + } + kubectl_apply () { + read x + namespace=$1; shift + kubectl get ns $namespace 2>&1 >/dev/null || kubectl create ns $namespace + cat $x | substitute_defaults | kubectl -n $namespace apply -f - + } + + kubectl_apply_files () { + namespace=$1; shift charts=("$@") for i in "''${charts[@]}"; do - k=$(echo "$i" | cut -d= -f1) - v=$(echo "$i" | cut -d= -f2) - sed "s/@$k@/$v/g" $i | kubectl apply -f - + cat $i | kubectl_apply $namespace done } EOF ''; + install-apitoken = '' #!${pkgs.bash}/bin/bash set -e @@ -162,6 +181,7 @@ let pkgs.kubernetes-helm pkgs.kubectl cluster-scripts + kubernetes-charts show-kubernetes-charts-config ]; @@ -280,11 +300,6 @@ in { type = types.str; default = ""; }; - - grafana_ldap_toml = mkOption { - type = types.str; - default = ""; - }; }; };
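Review bot: `kubectl_apply` does `read x` and then `cat $x`, but `kubectl_apply_files` pipes the chart's contents into it, so the first YAML line is consumed and then treated as file names; `substitute_all` likewise reads a single line and echoes it once per variable. Both should stream stdin, with one sed pass that applies every substitution. The reused `s/@$k@/$v/g` form also breaks on values containing `/` (base64 output, and `initca` if it is a path), `cut -d= -f2` drops base64 `=` padding, and the Secret values end up in sed's argument list where they are visible in the process list; feeding the script through `sed -f` avoids all three. `2>&1 >/dev/null` leaves stderr on the terminal; `>/dev/null 2>&1` is probably what was meant. The heredoc these functions sit in starts above the hunk.

```nix
      substitute_all () {
        # One sed pass over all of stdin; the script is passed via a pipe, not argv.
        # Values must not contain '|', '&', backslash or newlines.
        local kv
        sed -f <(for kv in "$@"; do
          printf 's|@%s@|%s|g\n' "''${kv%%=*}" "''${kv#*=}"
        done)
      }

      # … unchanged: substitute_defaults …

      kubectl_apply () {
        namespace=$1; shift
        kubectl get ns "$namespace" >/dev/null 2>&1 || kubectl create ns "$namespace"
        substitute_defaults | kubectl -n "$namespace" apply -f -
      }

      kubectl_apply_files () {
        namespace=$1; shift
        for i in "$@"; do
          kubectl_apply "$namespace" < "$i"
        done
      }
```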