Get rid of grafana ldap toml

2020-11-06 10:19:57 +01:00
parent 88b4b7315e
commit e1fa427036
5 changed files with 30 additions and 68 deletions
--- a/charts/prometheus/grafana-ldap-toml.yaml
+++ b/charts/prometheus/grafana-ldap-toml.yaml
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: List
-metadata: {}
-items:
- apiVersion: v1
-  kind: Secret
-  type: Opaque
-  metadata:
-    labels:
-      app: grafana
-    name: grafana-ldap-toml
-    namespace: prometheus
-  data:
-    ldap-toml: @grafana_ldap_toml@
--- a/clusters/k0/default.nix
+++ b/clusters/k0/default.nix
@@ -41,19 +41,6 @@ let
        acme_email = "innovasjon@itpartner.no";
        grafana_smtp_user = "utvikling";
        grafana_smtp_password = "S0m3rp0m@de#21!";
-        grafana_ldap_toml = ''
-          verbose_logging = true
-          [[servers]]
-          host = "itp-dc1.itpartner.intern"
-          port = 636
-          use_ssl = true
-          start_tls = false
-          ssl_skip_verify = true
-          bind_dn = "gitlab@itpartner.intern"
-          bind_password = "hipp hopp snipp snopp"
-          search_filter = "(&(objectClass=user)(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))"
-          search_base_dns = ["DC=itpartner,DC=intern"]
-        '';
      };
    };
  };
--- a/clusters/k1/default.nix
+++ b/clusters/k1/default.nix
@@ -42,19 +42,6 @@ let
        acme_email = "innovasjon@itpartner.no";
        grafana_smtp_user = "utvikling";
        grafana_smtp_password = "S0m3rp0m@de#21!";
-        grafana_ldap_toml = ''
-          verbose_logging = true
-          [[servers]]
-          host = "itp-dc1.itpartner.intern"
-          port = 636
-          use_ssl = true
-          start_tls = false
-          ssl_skip_verify = true
-          bind_dn = "gitlab@itpartner.intern"
-          bind_password = "hipp hopp snipp snopp"
-          search_filter = "(&(objectClass=user)(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))"
-          search_base_dns = ["DC=itpartner,DC=intern"]
-        '';
      };
    };
  };
--- a/clusters/k2/default.nix
+++ b/clusters/k2/default.nix
@@ -43,19 +43,6 @@ let
        acme_email = "innovasjon@itpartner.no";
        grafana_smtp_user = "utvikling";
        grafana_smtp_password = "S0m3rp0m@de#21!";
-        grafana_ldap_toml = ''
-          verbose_logging = true
-          [[servers]]
-          host = "itp-dc1.itpartner.intern"
-          port = 636
-          use_ssl = true
-          start_tls = false
-          ssl_skip_verify = true
-          bind_dn = "gitlab@itpartner.intern"
-          bind_password = "hipp hopp snipp snopp"
-          search_filter = "(&(objectClass=user)(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))"
-          search_base_dns = ["DC=itpartner,DC=intern"]
-        '';
      };
    };
  };
--- a/modules/k8s.nix
+++ b/modules/k8s.nix
@@ -38,15 +38,22 @@ let
      '';
  };

+  kubernetes-charts = pkgs.stdenv.mkDerivation rec {
+      name = "kubernetes-charts";
+      src = ../charts;
+      buildCommand = ''
+        mkdir -p $out/share/${name}
+        cp -r $src/* $out/share${name}
+      '';
+  };
+
  show-kubernetes-charts-config =
    let
      ingressNodes = builtins.foldl' (a: x:
        a + ", ${x}") "${cfg.k8s.master.name}"
        cfg.k8s.extraIngressNodes;
-      ingressReplicas =
+      ingressReplicaCount =
         builtins.toString (1 + builtins.length cfg.k8s.extraIngressNodes);
-      grafanaLdap = pkgs.writeText "grafana-ldap.toml"
-          cfg.k8s.charts.grafana_ldap_toml;
    in
    pkgs.writeScriptBin "show-kubernetes-charts-config"
      ''
@@ -54,42 +61,54 @@ let
        cat << EOF
        # Generated by show-kubernetes-charts-config
        #   $(date)
+        # Charts in ${kubernetes-charts}

        vars=(
            initca="${pki.initca}"
            apiserver="${cfg.k8s.master.name}"
            cluster="${cfg.clusterName}"
            ingress_nodes="[ ${ingressNodes} ]"
-            ingress_replicas="${ingressReplicas}"
+            ingress_replica_count="${ingressReplicaCount}"
            filseserver="${cfg.k8s.fileserver}"
            acme_email="${cfg.k8s.charts.acme_email}"
            grafana_smtp_user="$(echo -n ${cfg.k8s.charts.grafana_smtp_user} | base64 -w0)"
            grafana_smtp_password="$(echo -n ${cfg.k8s.charts.grafana_smtp_password} | base64 -w0)"
-            grafana_ldap_toml="$(cat ${grafanaLdap} | base64 -w0)"
        )

        EOF
        cat << 'EOF'
-        make_substitutions () {
+        substitute_all () {
            read x
-            for i in "''${vars[@]}"; do
+            subs=("$@")
+            for i in "''${subs[@]}"; do
                k=$(echo "$i" | cut -d= -f1)
                v=$(echo "$i" | cut -d= -f2)
                echo "$x" | sed "s/@$k@/$v/g"
            done
        }

+        substitute_defaults () {
+          substitute_all "''${vars[@]}"
+        }
+
        kubectl_apply () {
+            read x
+            namespace=$1; shift
+            kubectl get ns $namespace  2>&1 >/dev/null || kubectl create ns $namespace
+            cat $x | substitute_defaults | kubectl -n $namespace apply -f -
+        }
+
+        kubectl_apply_files () {
+            namespace=$1; shift
            charts=("$@")
            for i in "''${charts[@]}"; do
-                k=$(echo "$i" | cut -d= -f1)
-                v=$(echo "$i" | cut -d= -f2)
-                sed "s/@$k@/$v/g" $i | kubectl apply -f -
+               cat $i | kubectl_apply $namespace
            done
        }
        EOF
      '';

+
  install-apitoken = ''
      #!${pkgs.bash}/bin/bash
      set -e
@@ -162,6 +181,7 @@ let
      pkgs.kubernetes-helm
      pkgs.kubectl
      cluster-scripts
+      kubernetes-charts
      show-kubernetes-charts-config
    ];

@@ -280,11 +300,6 @@ in {
        type = types.str;
        default = "";
      };
-
-      grafana_ldap_toml = mkOption {
-        type = types.str;
-        default = "";
-      };
    };
  };