
I am practicing GitOps and would like to automate as much as possible. ArgoCD together with Crossplane creates my clusters based on manifests. When the cluster is up and running, Crossplane creates a Secret containing a regular kubeconfig file, which can be downloaded and used like any other kubeconfig.

In ArgoCD I have to assign the target cluster IP address in an AppProject-manifest.

And this assignment I would like to automate.

Maybe someone knows a tool to do such tasks. I assume these steps are common in the K8s world, but I do not know them. If there is no such tool, I thought of going the manual way.

Raw kubeconfig secret:

    data:
      kubeconfig: YXBpVmVyc2lvbj..........1VKbFJFTkRRVkl5WjBGM1NVSkJaMGxDUVblahblh..g==
    kind: Secret
    metadata:
      creationTimestamp: "2022-01-24T17:09:07Z"
      name: cluster-MY_CLUSTER-NAME-cp
      namespace: default
      resourceVersion: "7413"
      uid: 25346457-cc78-4e21-9cba-e291b2251c84
    type: Opaque

That is the corresponding base64-decoded kubeconfig:

    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: LS0tLSBLAHBLAH_BLAH_B0K
        server: https://123.456.678.0:6443 # <<---- THIS IP SHOULD BE EXTRACTED
      name: MY_CLUSTER-staging-cp
    contexts:
    - context:
        cluster: MY_CLUSTER-staging-cp
        user: MY_CLUSTER-staging-cp
      name: MY_CLUSTER-staging-cp
    current-context: MY_CLUSTER-staging-cp
    kind: Config
    preferences: {}
    users:
    - name: MY_CLUSTER-staging-cp
      user:
        client-certificate-data: LS0tL...........StkZk9IdWpqT2JmQjlHcG5maWpMOXZPODQ9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0
        client-key-data: LS0tLS1CRUd...........JTiQo=

That is my target manifest:

    apiVersion: argoproj.io/v1alpha1
    kind: AppProject
    metadata:
      name: staging
    spec:
      destinations:
        - namespace: "staging"
          server: $STAGING_IP # <<-- THE PLACE TO PUT THE IP ADDRESS

I can extract the address from the secret with:

    export STAGING_IP=$(kubectl get secret cluster-details-vonhier-staging-cp -o jsonpath="{.data.kubeconfig}" | base64 -d | yq e ".clusters[0].cluster.server" -)

And apply it via:

    yq e --inplace ".spec.destinations[0].server = \"${STAGING_IP}\"" app-projects/staging.yml

Which ends up like I expect:

    destinations:
      - namespace: "production"
        server: "https://123.456.678.0:6443"

That works.

But how to "pack" that into the cluster? It works locally...

  • Is this a use case for a kind: Job manifest?
  • Or is there something similar?
  • Any specific image for such tasks?

Thank you for pointing me in the right direction.

larsks
Jan
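
The extraction step from the question, with the server value checked before it is written into a manifest, as an added example that is not part of the original post. The function names, the sample kubeconfig and its address are constructed; it assumes a `base64` that accepts `-d`, and the `strenv()` call in the comment assumes yq v4.

```shell
#!/bin/sh
# Added example: names, sample data and the address below are constructed.

# Constructed kubeconfig, base64-encoded like the Secret's .data.kubeconfig value.
sample_kubeconfig_b64() {
    base64 <<'EOF'
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: Q09OU1RSVUNURUQ=
    server: https://203.0.113.10:6443 # constructed address
  name: example-staging-cp
kind: Config
EOF
}

# Read a base64 kubeconfig on stdin; print its API server URL only if there is
# exactly one and it is a plain https://host[:port]. Nothing else from the
# kubeconfig (client key, certificates) is ever written to stdout.
extract_server() {
    decoded=$(base64 -d 2>/dev/null) || { echo "invalid base64" >&2; return 1; }
    servers=$(printf '%s\n' "$decoded" |
        sed -n 's/^[[:space:]]*server:[[:space:]]*//p' |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/')
    count=$(printf '%s\n' "$servers" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one server entry, found $count" >&2
        return 1
    fi
    # Fail closed: anything that is not https://host[:port] is refused.
    if printf '%s\n' "$servers" | grep -Eq '^https://[A-Za-z0-9.-]+(:[0-9]{1,5})?$'; then
        printf '%s\n' "$servers"
    else
        echo "server value rejected" >&2
        return 1
    fi
}

# Demo on the constructed sample. With a validated value exported, yq v4 can read
# it through strenv() instead of having it spliced into the expression string:
#   yq e --inplace '.spec.destinations[0].server = strenv(STAGING_IP)' app-projects/staging.yml
STAGING_IP=$(sample_kubeconfig_b64 | extract_server) && echo "server: $STAGING_IP"
```

The check matters because the question's `yq` command interpolates `${STAGING_IP}` into the expression itself, so a value containing quotes or operators would change what `yq` executes.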

1 Answer


I was able to get my desired secret value by creating a new connection and using that to store the token in a higher-level variable than the informer.AddEventHandler:

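    package main

    import (
        "context"
        "fmt"

        metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
        "k8s.io/client-go/kubernetes"
        "k8s.io/client-go/tools/clientcmd"
    )

    // bearerToken is declared at package level so that code registered later
    // (for example via informer.AddEventHandler) can read it.
    var bearerToken string

    func main() {
        rules := clientcmd.NewDefaultClientConfigLoadingRules()
        myKubeconfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, &clientcmd.ConfigOverrides{})
        myconfig, err := myKubeconfig.ClientConfig()
        if err != nil {
            panic(err.Error())
        }
        clientset := kubernetes.NewForConfigOrDie(myconfig)

        // Current client-go versions take a context as the first argument of List.
        secretList, err := clientset.CoreV1().Secrets("crossplane-system").List(context.TODO(), metav1.ListOptions{})
        if err != nil {
            panic(err.Error())
        }
        for _, secret := range secretList.Items {
            if len(secret.Data["authToken"]) != 0 {
                // Log only where the token was found; the value itself stays out of stdout and logs.
                bearerToken = string(secret.Data["authToken"])
                fmt.Println("authToken found in secret:", secret.Name)
            } else {
                fmt.Println("no authToken found")
            }
        }
    }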
Jan