bootstrap: fix service account permission issues
diff --git a/charts/flux-bootstrap/templates/fluxcd.yaml b/charts/flux-bootstrap/templates/fluxcd.yaml
index dfbc851..ddd389c 100644
--- a/charts/flux-bootstrap/templates/fluxcd.yaml
+++ b/charts/flux-bootstrap/templates/fluxcd.yaml
@@ -32,5 +32,7 @@
         "--path={{ .Values.repository.path }}",
         "--private-key-file=/access-keys/private.key",
         "--ssh-key-algorithm=ed25519",
+        "--silent",
+        "--watch-all-namespaces",
         "--verbose"]
       restartPolicy: Never
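Review bot: `--watch-all-namespaces` sets the controllers to reconcile resources in every namespace, and nothing in the chart says that this cluster-wide scope is intended. Assuming this Job runs `flux bootstrap git` (the command itself is above the hunk), either pass `--watch-all-namespaces=false` if pcloud should only manage its own namespace, or add a comment above the args such as `# cluster-wide reconciliation is intentional; RBAC in service-account.yaml is sized for it`. `--silent` skips the deploy-key confirmation prompt, which suits a non-interactive Job but also means a key that was never registered only shows up later as a clone failure; a one-line comment saying so would help.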
diff --git a/charts/flux-bootstrap/templates/service-account.yaml b/charts/flux-bootstrap/templates/service-account.yaml
index 2092b3c..f8567e9 100644
--- a/charts/flux-bootstrap/templates/service-account.yaml
+++ b/charts/flux-bootstrap/templates/service-account.yaml
@@ -1,33 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: patch-customresourcedefinitions
+  name: pcloud-flux-role
   namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
     verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: flux-patch-customresourcedefinitions
-  namespace: {{ .Release.Namespace }}
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: patch-customresourcedefinitions
-  apiGroup: rbac.authorization.k8s.io
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: create-flux-resources
-  namespace: {{ .Release.Namespace }}
-rules:
   - apiGroups: [""]
     resources: ["*"]
     verbs: ["*"]
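Review bot: The merged `pcloud-flux-role` keeps `resources: ["*"]` with `verbs: ["*"]` on the core API group, which at ClusterRole scope covers Secrets in every namespace, and the rules added in the next hunk (new lines 19-35) extend the same wildcard pattern to `kustomize.toolkit.fluxcd.io` and `source.toolkit.fluxcd.io`. Enumerating what the bootstrap job actually touches would narrow this considerably, for instance `resources: ["kustomizations"]` and `resources: ["gitrepositories"]` with only the verbs needed, if those are the kinds it creates. `namespace: {{ .Release.Namespace }}` has no effect on a ClusterRole or ClusterRoleBinding, since both are cluster-scoped, and dropping it avoids implying the grant is namespaced. The binding's subject name is outside the visible hunks; the removed binding used the `default` service account, and if the remaining one does too, every pod in the namespace that does not set its own service account inherits these rights, so a dedicated ServiceAccount for the job would be safer.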
@@ -40,11 +19,17 @@
   - apiGroups: ["networking.k8s.io"]
     resources: ["*"]
     verbs: ["*"]
+  - apiGroups: ["kustomize.toolkit.fluxcd.io"]
+    resources: ["*"]
+    verbs: ["*"]
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources: ["*"]
+    verbs: ["*"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: flux-create-flux-resources
+  name: pcloud-flux-rolebinding
   namespace: {{ .Release.Namespace }}
 subjects:
   - kind: ServiceAccount
@@ -52,5 +37,5 @@
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
-  name: create-flux-resources
+  name: pcloud-flux-role
   apiGroup: rbac.authorization.k8s.io
diff --git a/core/installer/Makefile b/core/installer/Makefile
index 479a07c..acf0947 100644
--- a/core/installer/Makefile
+++ b/core/installer/Makefile
@@ -3,3 +3,9 @@
 
 push_arm64: image_arm64
 	docker push giolekva/flux:latest
+
+build:
+	go1.18 build -o pcloud *.go
+
+bootstrap:
+	./pcloud bootstrap --kubeconfig=../../priv/kubeconfig --charts-dir=../../charts --admin-pub-key=/Users/lekva/.ssh/id_rsa.pub --admin-priv-key=/Users/lekva/.ssh/id_rsa
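Review bot: The `bootstrap` target hard-codes one developer's personal login key pair (`/Users/lekva/.ssh/id_rsa`) as the cluster admin credential, so it only works on that machine and encourages reusing a personal key for cluster administration. Make the path overridable, e.g. `ADMIN_KEY ?= $(HOME)/.ssh/id_rsa` with `--admin-pub-key=$(ADMIN_KEY).pub --admin-priv-key=$(ADMIN_KEY)`, and prefer a key generated for this purpose. The same applies to `../../priv/kubeconfig`; whether `priv/` is excluded from version control is not visible here and is worth confirming. `build` and `bootstrap` should also be declared under `.PHONY`, and `go1.18` assumes a version-suffixed toolchain wrapper is installed.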
diff --git a/core/installer/go.mod b/core/installer/go.mod
index 4311ce9..84eb3b4 100644
--- a/core/installer/go.mod
+++ b/core/installer/go.mod
@@ -6,6 +6,7 @@
 	github.com/go-git/go-billy/v5 v5.3.1
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/spf13/cobra v1.4.0
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
 	helm.sh/helm/v3 v3.8.2
 	sigs.k8s.io/yaml v1.3.0
 )
@@ -114,7 +115,6 @@
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
 	golang.org/x/net v0.0.0-20220325170049-de3da57026de // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
diff --git a/core/installer/main.go b/core/installer/main.go
index bc1ca71..4cee2c6 100644
--- a/core/installer/main.go
+++ b/core/installer/main.go
@@ -145,7 +145,7 @@
 	installer := action.NewInstall(config)
 	installer.Namespace = "pcloud"
 	installer.CreateNamespace = true
-	installer.ReleaseName = "flux"
+	installer.ReleaseName = "flux4"
 	installer.Wait = true
 	installer.WaitForJobs = true
 	installer.Timeout = 5 * time.Minute
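Review bot: `flux4` reads like a leftover from repeated test installs rather than an intended release name. If earlier attempts under `flux` failed and were left in place, their cluster-scoped RBAC objects may still exist alongside the new ones; uninstalling the stale release and keeping a stable name (or taking it from a flag) is cleaner than bumping a suffix. The enclosing function starts and ends outside the hunk, so which chart this release belongs to is inferred from the name only.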
@@ -317,6 +317,32 @@
 	}, nil
 }
 
+func reloadConfig(addr string, clientPrivKey []byte, serverPubKey string) error {
+	signer, err := ssh.ParsePrivateKey(clientPrivKey)
+	if err != nil {
+		return err
+	}
+	config := &ssh.ClientConfig{
+		Auth: []ssh.AuthMethod{
+			ssh.PublicKeys(signer),
+		},
+		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
+			fmt.Printf("## %s || %s -- \n", serverPubKey, ssh.MarshalAuthorizedKey(key))
+			return nil
+		},
+	}
+	client, err := ssh.Dial("tcp", addr, config)
+	if err != nil {
+		return err
+	}
+	session, err := client.NewSession()
+	if err != nil {
+		return err
+	}
+	defer session.Close()
+	return session.Run("reload")
+}
+
 func bootstrapCmdRun(cmd *cobra.Command, args []string) error {
 	adminPubKey, adminPrivKey, err := readAdminKeys()
 	if err != nil {
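Review bot: The `HostKeyCallback` in `reloadConfig` returns nil for every key, so the admin private key authenticates to whatever answers on `addr`, and `serverPubKey` is only printed, never compared. Since the caller already holds the server's public key, it can be pinned with `ssh.FixedHostKey`, assuming `serverPubKey` is in authorized_keys format, which the side-by-side print with `ssh.MarshalAuthorizedKey(key)` suggests. The `*ssh.Client` returned by `ssh.Dial` is also never closed, so the connection leaks on every path after the dial. The same accept-all callback is visible as context at the top of the next hunk in `bootstrapCmdRun` and deserves the same treatment.

```go
func reloadConfig(addr string, clientPrivKey []byte, serverPubKey string) error {
	// … unchanged: parse clientPrivKey into signer …
	hostKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(serverPubKey))
	if err != nil {
		return fmt.Errorf("parsing server public key: %w", err)
	}
	config := &ssh.ClientConfig{
		// … unchanged: Auth with ssh.PublicKeys(signer) …
		// Reject any server that does not present the key generated during bootstrap.
		HostKeyCallback: ssh.FixedHostKey(hostKey),
	}
	// … unchanged: ssh.Dial and its error check …
	defer client.Close()
	// … unchanged: NewSession, deferred session.Close, session.Run("reload") …
}
```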
@@ -342,16 +368,24 @@
 		fmt.Printf("-- %s || %s -- \n", softServePub, ssh.MarshalAuthorizedKey(key))
 		return nil
 	}
+	fmt.Println("Installing SoftServe")
 	if err := installSoftServe(softServePub, softServePriv, string(adminPubKey)); err != nil {
 		return err
 	}
-	time.Sleep(10 * time.Second)
+	time.Sleep(30 * time.Second)
+	fmt.Println("Overwriting config")
 	if err := overwriteConfigRepo("ssh://192.168.0.208:22/config", auth, config); err != nil {
 		return err
 	}
+	fmt.Println("Reloading config")
+	if err := reloadConfig("192.168.0.208:22", adminPrivKey, softServePub); err != nil {
+		return err
+	}
+	fmt.Println("Creating /pcloud repo")
 	if err := createRepo("ssh://192.168.0.208:22/pcloud", "PCloud System\n", auth); err != nil {
 		return err
 	}
+	fmt.Println("Installing Flux")
 	if err := installFlux("ssh://soft-serve.pcloud.svc.cluster.local:22/pcloud", "soft-serve.pcloud.svc.cluster.local", softServePub, fluxPriv); err != nil {
 		return err
 	}
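Review bot: Raising the fixed `time.Sleep` from 10 to 30 seconds only widens the guess about when soft-serve is ready; on a slow node the following SSH steps still race the server, and on a fast one the bootstrap waits for nothing. Polling the SSH port with a deadline makes the step deterministic and gives a clear error when the service never comes up; an accepted TCP connection does not prove the SSH server is fully initialised, so the git operations may still need a retry. The address `192.168.0.208:22` now appears three times in this function and would be better taken from a flag or a single constant. `bootstrapCmdRun` starts in the previous hunk and continues past the end of this one.

```go
	// … unchanged: installSoftServe …
	deadline := time.Now().Add(2 * time.Minute)
	for {
		conn, err := net.DialTimeout("tcp", "192.168.0.208:22", 5*time.Second)
		if err == nil {
			conn.Close()
			break
		}
		if time.Now().After(deadline) {
			return fmt.Errorf("waiting for soft-serve ssh: %w", err)
		}
		time.Sleep(2 * time.Second)
	}
	fmt.Println("Overwriting config")
	// … unchanged: overwriteConfigRepo, reloadConfig, createRepo, installFlux …
```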