[FEAT] Root domain support
tacf committed Jul 4, 2019
1 parent 5a18c69 commit 503cdab
Showing 6 changed files with 132 additions and 15 deletions.

Large diffs are not rendered by default.

45 changes: 34 additions & 11 deletions salt/environments/dev/states/deployment/k8s/v1_0/init.sls
Expand Up @@ -31,7 +31,7 @@ domain_test_pillar:
- present:
- {{ client_id }}:deployment:k8s:domain:name
- {{ client_id }}:deployment:k8s:domain:cert64
- {{ client_id }}:deployment:k8s:domain:cert_key64
- {{ client_id }}:deployment:k8s:domain:wildcard_cert_key64
- failhard: true

{%- set _auth = salt.pillar.get([client_id, 'authentication', _cluster.provider]|join(':')) %}
Expand Down Expand Up @@ -92,24 +92,44 @@ nginx_ingress_deploy:
{%- set apps_namespace = client_id|replace('_','-') %}

# Setup Certificates
{%- set cert_file = [base_app_dir, client_id + "_cert.pem"] | join("/") %}
{%- set cert_key = [base_app_dir, client_id + "_cert.key"] | join("/") %}
{{ cert_file }}:
{%- set root_cert_file = [base_app_dir, client_id + "_root_cert.pem"] | join("/") %}
{%- set root_cert_key = [base_app_dir, client_id + "_root_cert.key"] | join("/") %}
{%- set wildcard_cert_file = [base_app_dir, client_id + "_cert.pem"] | join("/") %}
{%- set wildcard_cert_key = [base_app_dir, client_id + "_cert.key"] | join("/") %}
{{ root_cert_file }}:
file.managed:
- template: jinja
- source: salt://{{tpldir}}/templates/base64_decode.j2
- failhard: true
- defaults:
content: {{ _deploy.domain.cert64 }}

{{ cert_key }}:
{{ root_cert_key }}:
file.managed:
- template: jinja
- source: salt://{{tpldir}}/templates/base64_decode.j2
- failhard: true
- defaults:
content: {{ _deploy.domain.cert_key64 }}

{%- if _deploy.domain.wildcard_cert64 is defined %}
{{ wildcard_cert_file }}:
file.managed:
- template: jinja
- source: salt://{{tpldir}}/templates/base64_decode.j2
- failhard: true
- defaults:
content: {{ _deploy.domain.wildcard_cert64 }}

{{ wildcard_cert_key }}:
file.managed:
- template: jinja
- source: salt://{{tpldir}}/templates/base64_decode.j2
- failhard: true
- defaults:
content: {{ _deploy.domain.wildcard_cert_key64 }}
{%- endif %}

# Setup EFS Provisioner
# https://github.com/kubernetes-incubator/external-storage/tree/master/aws/efs
{%- set efs_yaml = [base_app_dir, client_id + "_efs.yaml"] | join("/") %}
Expand Down Expand Up @@ -244,7 +264,8 @@ nginx_ingress_deploy:
{{ ingress_service }}_deploy:
cmd.run:
- name: |
kubectl create secret tls {{ _deploy.domain.name }} --key {{ cert_key }} --cert {{ cert_file }} -n {{ apps_namespace }}
{% if _deploy.domain.wildcard_cert64 is defined %}kubectl create secret tls wildcard.{{ _deploy.domain.name }} --key {{ wildcard_cert_key }} --cert {{ wildcard_cert_file }} -n {{ apps_namespace }}{% endif %}
kubectl create secret tls {{ _deploy.domain.name }} --key {{ root_cert_key }} --cert {{ root_cert_file }} -n {{ apps_namespace }}
kubectl apply -f {{ ingress_service }} -n {{ apps_namespace }}
- env:
- PATH: {{ path_var }}
Expand All @@ -253,8 +274,8 @@ nginx_ingress_deploy:
- AWS_SECRET_ACCESS_KEY: {{ _auth.saltstack.aws_secret_access_key}}
- require:
- {{ kubeconfig }}
- {{ cert_key }}
- {{ cert_file }}
- {{ wildcard_cert_key }}
- {{ wildcard_cert_file }}
- {{ ingress_service }}
{%- for app in _deploy.apps %}
- {{ app.name }}_deploy
Expand All @@ -280,19 +301,21 @@ nginx_ingress_deploy:

{% for app in _deploy.apps %}
{{ app.name }}_{{ client_id }}_dns:
dnsimple.cname_present:
dnsimple.{%- if app.root_application is defined and app.root_application %}alias{% else %}cname{% endif %}_present:
- client_id: {{ client_id }}
- domain: {{ _deploy.domain.name }}
{%- if app.root_application is defined and app.root_application %}
- name: ""
{% else %}
- name: {{ app.name }}
{%- endif %}
- content_file: {{ _configs.work_dir+"/"+ client_id + "/external_ip" }}
- require:
- {{ client_id }}_get_external_ip
- domain_test_pillar
{% endfor %}


{% for job in _deploy.job %}

{%- set env_vars = {} -%}
{%- if job.requires_database is defined and job.requires_database -%}
{%- set rds_name = _cluster.cluster_name|replace('-','') -%} # As defined in rds_configs.j2
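Review bot: The `require` list of `{{ ingress_service }}_deploy` now names only `{{ wildcard_cert_key }}` and `{{ wildcard_cert_file }}`, yet those states are rendered only when `_deploy.domain.wildcard_cert64` is defined, and the root certificate files read by the second `kubectl create secret tls` are not required at all. Without a wildcard certificate the requisite would point at state IDs that do not exist, and with one the root secret can be created before its files are written; I would require `- {{ root_cert_key }}` and `- {{ root_cert_file }}` unconditionally and put the two wildcard entries behind the same `is defined` guard. `domain_test_pillar` in the first hunk appears to have the same mismatch, since it checks `wildcard_cert_key64` as mandatory while the root key state reads `cert_key64`. The four `file.managed` states that decode certificate and key material set no `mode`, so the private keys land on disk with default permissions; `- mode: '0600'` and `- show_changes: False` on the two `*.key` states would keep them away from other local users and out of the state output.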
Original file line number Diff line number Diff line change
Expand Up @@ -11,17 +11,40 @@ metadata:
nginx.ingress.kubernetes.io/use-proxy-protocol: "true"
spec:
tls:
- hosts:
{%- set apps_on_wildcard = [] %}
{%- set apps_on_root = [] %}
{%- for app in apps %}
{%- if app.root_application is defined and app.root_application %}
{%- do apps_on_root.append(app) %}
{%- else %}
{%- do apps_on_wildcard.append(app) %}
{%- endif %}
{%- endfor -%}

{%- if apps_on_wildcard is defined %}
- hosts:
{%- for app in apps_on_wildcard %}
{%- if app.public_access is defined and app.public_access %}
- {{ app.name }}.{{ domain }}
{%- endif %}
{%- endfor %}
secretName: wildcard.{{ domain }}
{%- endif -%}

{%- if apps_on_wildcard is defined %}
- hosts:
{%- for app in apps_on_root %}
{%- if app.public_access is defined and app.public_access %}
- {{ domain }}
{%- endif %}
{%- endfor %}
secretName: {{ domain }}
{%- endif %}

rules:
{%- for app in apps %}
{%- if app.public_access is defined and app.public_access %}
- host: {{ app.name }}.{{ domain }}
- host: {% if app.root_application is defined and app.root_application %}{{ domain }}{% else %}{{ app.name }}.{{ domain }}{% endif %}
http:
paths:
- path: {% if app.path is defined %}{{app.path}}{% else %}/{% endif %}
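Review bot: Both new `tls` entries are guarded by `{%- if apps_on_wildcard is defined %}`, which is always true because the list is created with `set` a few lines earlier, and the second guard sits over the `apps_on_root` loop, so it looks like a copy of the first. As written the template always emits a `wildcard.{{ domain }}` entry and a `{{ domain }}` entry, even when a list is empty (leaving `hosts:` with no items) or when, going by the state file in this commit, the wildcard secret was never created because `wildcard_cert64` is absent from the pillar. An Ingress that names a TLS secret which does not exist is typically served with the controller's default certificate rather than failing, so the mismatch would be easy to miss. Testing the lists themselves, `{%- if apps_on_wildcard %}` and `{%- if apps_on_root %}`, would emit each entry only when the list has entries; the root loop also prints `- {{ domain }}` once per root application, so a single line outside the loop would avoid duplicates.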
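--- a/salt/ext/_modules/dns_dnsimple/__init__.py
+++ b/salt/ext/_modules/dns_dnsimple/__init__.py
@@ -20,3 +20,15 @@ def cname_record_add(client_id, domain, name, content):
 
 def cname_record_update(client_id, domain, name, content):
 return DNSimpleProvider(account_id=_confs(client_id).get('account_id'), api_token=_confs(client_id).get('api_token')).cname_record_update(domain=domain, name=name, content=content)
+
+
+def alias_record_exists(client_id, domain, name):
+return DNSimpleProvider(account_id=_confs(client_id).get('account_id'), api_token=_confs(client_id).get('api_token')).alias_record_exists(domain=domain, name=name)
+
+
+def alias_record_add(client_id, domain, name, content):
+return DNSimpleProvider(account_id=_confs(client_id).get('account_id'), api_token=_confs(client_id).get('api_token')).alias_record_add(domain=domain, name=name, content=content)
+
+
+def alias_record_update(client_id, domain, name, content):
+return DNSimpleProvider(account_id=_confs(client_id).get('account_id'), api_token=_confs(client_id).get('api_token')).alias_record_update(domain=domain, name=name, content=content)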
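Review bot: Each of the three new wrappers rebuilds `DNSimpleProvider` inline and calls `_confs(client_id)` twice, once per credential, the same way the `cname_record_update` wrapper shown as context does. A small private helper, for example `def _provider(client_id):` that does one `_confs(client_id)` lookup and returns the provider, would keep the credential handling in one place. It would also be the natural spot to fail with a clear error when `account_id` or `api_token` comes back as `None`, instead of handing an empty credential to the API client. `_confs` is defined outside this hunk, so its behaviour on a missing client is assumed here.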
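--- a/salt/ext/_modules/dns_dnsimple/provider.py
+++ b/salt/ext/_modules/dns_dnsimple/provider.py
@@ -43,3 +43,41 @@ def rfilter(x):
 return {'result': False, 'data': str(e)}
 except IndexError:
 return {'result': False, 'data': 'record not found'}
+
+def alias_record_exists(self, domain, name=None):
+records = self.dnsimple_client.records(domain)
+try:
+def rfilter(x):
+rtype, rname, rzoneid = x.get('record').get('type'), x.get('record').get('name'), x.get('record').get('zone_id')
+return rtype == "ALIAS" and (rname == name if (name and name != "") else True) and (rzoneid == domain)
+record = list(filter(rfilter, records))[0]
+return record
+except DNSimpleException as e:
+return {'result': True, 'data': '{}{} alias not found'.format(name + '.' if name else '', domain)}
+except IndexError as e:
+return {'result': True, 'data': '{} alias not found'.format(name + '.' if name else '', domain)}
+
+def alias_record_add(self, domain, name, content):
+try:
+return {'result': True, 'data': self.dnsimple_client.add_record(domain, {'type': 'ALIAS', 'name': name, 'content': content})}
+except DNSimpleException as e:
+return {'result': False, 'data': str(e)}
+
+def alias_record_update(self, domain, name=None, content=""):
+records = self.dnsimple_client.records(domain)
+try:
+def rfilter(x):
+rtype, rname, rzoneid = x.get('record').get('type'), x.get('record').get('name'), x.get('record').get('zone_id')
+return rtype == "ALIAS" and (rname == name if (name and name != "") else True) and (rzoneid == domain)
+log.error(">>>>>>>>")
+log.error(domain)
+log.error(name)
+log.error(content)
+log.error(records)
+record_id = list(filter(rfilter, records))[0].get('record').get('id')
+log.error(list(filter(rfilter, records))[0].get('record'))
+return {'result': True, 'data': self.dnsimple_client.update_record(domain, record_id, {'content': content})}
+except DNSimpleException as e:
+return {'result': False, 'data': str(e)}
+except IndexError:
+return {'result': False, 'data': 'record not found'}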
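Review bot: `alias_record_exists` returns a non-empty dict on every path: the matching record when one is found, and `{'result': True, 'data': '… alias not found'}` from both `except` branches when it is not. The `alias_present` state in `salt/ext/_states/dnsimple.py` tests that return value for truthiness (`execute('update') if exists() else execute('add')`), so it would always take the update path and report `record not found` for a record that still has to be created; returning `None` from the two not-found branches fixes that. In the same function the second message passes two arguments to a one-placeholder format string, so the domain is dropped from it. In `alias_record_update` the six `log.error(...)` calls look like leftover debugging and write the zone's full record list to the error log on every run; I would delete them or lower them to `log.debug`. With an empty `name`, which is what the root-domain state passes, `rfilter` accepts any ALIAS record in the zone, so the first one found is the one updated; comparing `rname` with `''` in that case would presumably pin it to the root record.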
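--- a/salt/ext/_states/dnsimple.py
+++ b/salt/ext/_states/dnsimple.py
@@ -24,3 +24,22 @@ def execute(op):
 return result_dict(__salt__['dns_dnsimple.cname_record_{0}'.format(op)](client_id=client_id, domain=domain, name=name, content=content))
 
 return execute('update') if exists() else execute('add')
+
+
+def alias_present(client_id, domain, name=None, content_file=None):
+content = open(content_file, "r").read() if content_file else None
+
+def result_dict(result):
+return {
+'name': 'alias_present',
+'result': result.get('result'),
+'changes': result.get('data') if result.get('result') else {},
+'comment': result.get('data') if not result.get('result') else ''}
+
+def exists():
+return __salt__['dns_dnsimple.alias_record_exists'](client_id=client_id, domain=domain, name=name)
+
+def execute(op):
+return result_dict(__salt__['dns_dnsimple.alias_record_{0}'.format(op)](client_id=client_id, domain=domain, name=name, content=content))
+
+return execute('update') if exists() else execute('add')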
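Review bot: `content = open(content_file, "r").read() if content_file else None` never closes the file and passes its contents on verbatim, so a trailing newline in the file would become part of the DNS record content. `with open(content_file) as fh: content = fh.read().strip()` covers both. When `content_file` is not given, `content` is `None` and is still sent to `alias_record_add` or `alias_record_update`; returning a failed result early with a comment would be clearer than relying on the API to reject it. The body otherwise mirrors `cname_present`, whose tail is visible as context above, so a shared helper that takes the record type would keep the two from drifting apart.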
