diff --git a/scripts/add_reply_url_for_cluster.sh b/scripts/add_reply_url_for_cluster.sh
deleted file mode 100755
index d7509f02d..000000000
--- a/scripts/add_reply_url_for_cluster.sh
+++ /dev/null
@@ -1,186 +0,0 @@ -#!/usr/bin/env bash - -# PURPOSE -# Add a replyURL to the input AAD app that handles the authentication for an app hosted in k8s. -# The script will generate the correct replyUrl to the app based on the app ingress host value, which is why the script also require input ingress name and namespace where the ingress can be found. - -# Example 1: -# AAD_APP_NAME="Omnia Radix Web Console" K8S_NAMESPACE="radix-web-console-prod" K8S_INGRESS_NAME="web" REPLY_PATH="/auth-callback" WEB_REDIRECT_URI="/applications" ./add_reply_url_for_cluster.sh -# - -# INPUTS: -# AAD_APP_NAME (Mandatory) -# K8S_NAMESPACE (Mandatory) -# K8S_INGRESS_NAME (Mandatory) -# REPLY_PATH (Mandatory) -# WEB_REDIRECT_URI (Optional) -# USER_PROMPT (Optional. Defaulted if omitted. ex: false,true. Will skip any user input, so that script can run to the end with no interaction) - -echo "" -echo "Updating replyUrls for AAD app \"${AAD_APP_NAME}\"..." - -# Validate mandatory input -if [[ -z "$AAD_APP_NAME" ]]; then - echo "ERROR: Please provide AAD_APP_NAME." >&2 - exit 1 -fi -if [[ -z "$K8S_NAMESPACE" ]]; then - echo "ERROR: Please provide K8S_NAMESPACE." >&2 - exit 1 -fi -if [[ -z "$K8S_INGRESS_NAME" ]]; then - echo "ERROR: Please provide K8S_INGRESS_NAME." >&2 - exit 1 -fi -if [[ -z "$REPLY_PATH" ]]; then - echo "ERROR: Please provide REPLY_PATH." 
>&2 - exit 1 -fi -if [[ -z "$WEB_REDIRECT_URI" ]]; then - RUN_updateSpaRedirectUris=false - echo "INFO: No WEB_REDIRECT_URI found will skip updateSpaRedirectUris" -else - RUN_updateSpaRedirectUris=true -fi - -if [[ -z "$USER_PROMPT" ]]; then - USER_PROMPT=true -fi - -# Source util scripts - -script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -source ${script_dir}/utility/util.sh - -####################################################################################### -### Verify cluster access -### -verify_cluster_access - -function updateWebRedirectUris() { - local aadAppId - local currentRedirectUris - local host_name - local additionalWebReplyURL - local newWebRedirectUris - - aadAppId="$(az ad app list --filter "displayname eq '${AAD_APP_NAME}'" --only-show-errors --query [].appId --output tsv)" - if [[ -z $aadAppId ]]; then - echo "ERROR: Could not find app registration. Quitting..." >&2 - return 1 - fi - # Convert list to string where urls are separated by space - currentRedirectUris="$(az ad app show --id "${aadAppId}" --query web.redirectUris --only-show-errors --output json | jq -r '.[] | @text')" - - host_name=$(kubectl get ing --namespace "${K8S_NAMESPACE}" "${K8S_INGRESS_NAME}" -o json| jq --raw-output .spec.rules[0].host) - additionalWebReplyURL="https://${host_name}${REPLY_PATH}" - - if [[ "$currentRedirectUris" == *"${additionalWebReplyURL}"* ]]; then - echo "Web replyUrl \"${additionalWebReplyURL}\" already exist in AAD app \"${AAD_APP_NAME}\"." - echo "" - return 0 - fi - - newWebRedirectUris="${currentRedirectUris} ${additionalWebReplyURL}" - - # Ask user - echo "This will be the new list of Web Redirect URIs for AAD app $AAD_APP_NAME:" - echo "${currentRedirectUris}" - echo "${additionalWebReplyURL}" - echo "" - - if [[ $USER_PROMPT == true ]]; then - while true; do - read -r -p "Do you want to continue? (Y/n) " yn - case $yn in - [Yy]*) - echo "" - break - ;; - [Nn]*) - echo "" - echo "Skipping updating Web RedirectUris." 
- return 0 - ;; - *) echo "Please answer yes or no." ;; - esac - done - fi - - az ad app update \ - --id "${aadAppId}" \ - --web-redirect-uris ${newWebRedirectUris} \ - --only-show-errors || - { - echo "ERROR: Could not update app registration." >&2 - return 1 - } - - echo "Added Web replyUrl \"${additionalWebReplyURL}\" to AAD app \"${AAD_APP_NAME}\"." - echo "" -} - -function updateSpaRedirectUris() { - local aadObjId - local currentSpaRedirectUris - local host_name - local additionalSpaReplyURI - local newSpaRedirectUris - - aadObjId="$(az ad app list --filter "displayname eq '${AAD_APP_NAME}'" --only-show-errors --query [].id --output tsv)" - if [[ -z $aadObjId ]]; then - echo "ERROR: Could not find app registration. Quitting..." >&2 - return 1 - fi - - currentSpaRedirectUris=$(az rest --method GET --uri "https://graph.microsoft.com/v1.0/applications/${aadObjId}" | jq -r .spa.redirectUris) - - host_name=$(kubectl get ing --namespace "${K8S_NAMESPACE}" "${K8S_INGRESS_NAME}" -o json| jq --raw-output .spec.rules[0].host) - additionalSpaReplyURI="https://${host_name}${WEB_REDIRECT_URI}" - - if [[ "$(echo "${currentSpaRedirectUris}" | jq -e ". | any(. == \"$additionalSpaReplyURI\")")" == true ]]; then - echo "Spa replyUrl \"${additionalSpaReplyURI}\" already exist in AAD app \"${AAD_APP_NAME}\"." - echo "" - return 0 - fi - - newSpaRedirectUris=$(echo "${currentSpaRedirectUris}" | jq ". += [\"$additionalSpaReplyURI\"]") - - # Ask user - echo "This will be the new list of Spa Redirect URIs for AAD app $AAD_APP_NAME:" - echo "${newSpaRedirectUris}" | jq -r '.[] | @text' - echo "" - - if [[ $USER_PROMPT == true ]]; then - while true; do - read -r -p "Do you want to continue? (Y/n) " yn - case $yn in - [Yy]*) - echo "" - break - ;; - [Nn]*) - echo "" - echo "Skipping updating SpaRedirectUris." - return 0 - ;; - *) echo "Please answer yes or no." 
;; - esac - done - fi - - az rest \ - --method PATCH \ - --uri "https://graph.microsoft.com/v1.0/applications/${aadObjId}" \ - --headers "Content-Type=application/json" \ - --body "{\"spa\":{\"redirectUris\":${newSpaRedirectUris}}}" - - echo "Added Spa replyUrl \"${additionalSpaReplyURI}\" to AAD app \"${AAD_APP_NAME}\"." - echo "" -} - -### MAIN -updateWebRedirectUris -if [[ $RUN_updateSpaRedirectUris == true ]]; then - updateSpaRedirectUris -fi diff --git a/scripts/aks/teardown.sh b/scripts/aks/teardown.sh index 1b497f777..ad456f28e 100755 --- a/scripts/aks/teardown.sh +++ b/scripts/aks/teardown.sh @@ -126,13 +126,6 @@ if [[ -z "$VNET_DNS_LINK" ]]; then VNET_DNS_LINK=$CLUSTER_NAME-link fi -# Define web console variables -RADIX_WEB_CONSOLE_ENV="prod" -if [[ $CLUSTER_TYPE == "development" ]]; then - # Development cluster uses QA web-console - RADIX_WEB_CONSOLE_ENV="qa" -fi - ####################################################################################### ### Prepare az session ### diff --git a/scripts/github_maintenance/bootstrap.sh b/scripts/github_maintenance/bootstrap.sh deleted file mode 100755 index ddb9868e7..000000000 --- a/scripts/github_maintenance/bootstrap.sh +++ /dev/null 
@@ -1,153 +0,0 @@ -#!/usr/bin/env bash - -####################################################################################### -### PURPOSE -### - -# Bootstrap github maintenace: create role and rolebinding for github managed identity - -####################################################################################### -### INPUTS -### - -# Required: -# - RADIX_ZONE_ENV : Path to *.env file - -####################################################################################### -### HOW TO USE -### - -# RADIX_ZONE_ENV=../radix-zone/radix_zone_dev.env ./bootstrap.sh - -####################################################################################### -### START -### - -echo "" -echo "Start bootstrap github maintenance... " - -####################################################################################### -### Check for prerequisites binaries -### - -printf "Check for neccesary executables for \"$(basename ${BASH_SOURCE[0]})\"... " -hash az 2>/dev/null || { - echo -e "\nERROR: Azure-CLI not found in PATH. Exiting... " >&2 - exit 1 -} -hash kubectl 2>/dev/null || { - echo -e "\nERROR: kubectl not found in PATH. Exiting... " >&2 - exit 1 -} -printf "Done.\n" - -####################################################################################### -### Read inputs and configs -### - -# Required inputs - -if [[ -z "$RADIX_ZONE_ENV" ]]; then - echo "ERROR: Please provide RADIX_ZONE_ENV" >&2 - exit 1 -else - if [[ ! -f "$RADIX_ZONE_ENV" ]]; then - echo "ERROR: RADIX_ZONE_ENV=$RADIX_ZONE_ENV is invalid, the file does not exist." >&2 - exit 1 - fi - source "$RADIX_ZONE_ENV" -fi - -LIB_SERVICE_PRINCIPAL_PATH="$RADIX_PLATFORM_REPOSITORY_PATH/scripts/service-principals-and-aad-apps/lib_service_principal.sh" -if [[ ! -f "$LIB_SERVICE_PRINCIPAL_PATH" ]]; then - echo "ERROR: The dependency LIB_SERVICE_PRINCIPAL_PATH=$LIB_SERVICE_PRINCIPAL_PATH is invalid, the file does not exist." 
>&2 - exit 1 -else - source "$LIB_SERVICE_PRINCIPAL_PATH" -fi - -LIB_MANAGED_IDENTITY_PATH="$RADIX_PLATFORM_REPOSITORY_PATH/scripts/service-principals-and-aad-apps/lib_managed_identity.sh" -if [[ ! -f "$LIB_MANAGED_IDENTITY_PATH" ]]; then - echo "ERROR: The dependency LIB_SERVICE_PRINCIPAL_PATH=$LIB_MANAGED_IDENTITY_PATH is invalid, the file does not exist." >&2 - exit 1 -else - source "$LIB_MANAGED_IDENTITY_PATH" -fi - -####################################################################################### -### Prepare az session -### - -printf "Logging you in to Azure if not already logged in... " -az account show >/dev/null || az login >/dev/null -az account set --subscription "$AZ_SUBSCRIPTION_ID" >/dev/null -printf "Done.\n" - -### Start - -printf "Creating role...\n" -cat <&2 - exit 1 -} - -# set-kv-policy "${object_id}" "get set" - -namespaces=("default" "ingress-nginx" "radix-web-console-qa" "radix-cicd-canary" "flux-system" "radix-api-qa" "radix-canary-golang-qa" "radix-cost-allocation-api-qa" "radix-platform-qa" "radix-github-webhook-qa" "monitor") - -for namespace in "${namespaces[@]}"; do - printf "Creating rolebinding in %s...\n" "${namespace}" - cat <&1 >/dev/null - printf "Done\n" -done - -echo "" -echo "Bootstrap of github maintenance done!" diff --git a/scripts/migrate.sh b/scripts/migrate.sh index b347ea85e..16d52257f 100755 --- a/scripts/migrate.sh +++ b/scripts/migrate.sh 
@@ -179,12 +179,6 @@ if ! [[ -x "$INSTALL_BASE_COMPONENTS_SCRIPT" ]]; then echo "ERROR: The install base components script is not found or it is not executable in path $INSTALL_BASE_COMPONENTS_SCRIPT" >&2 fi -# PROMETHEUS_CONFIGURATION_SCRIPT="$WORKDIR_PATH/prometheus-operator/configure.sh" -# if ! [[ -x "$PROMETHEUS_CONFIGURATION_SCRIPT" ]]; then -# # Print to stderror -# echo "ERROR: The prometheus configuration script is not found or it is not executable in path $PROMETHEUS_CONFIGURATION_SCRIPT" >&2 -# fi - RESTORE_APPS_SCRIPT="$WORKDIR_PATH/velero/restore/restore_apps.sh" if ! [[ -x "$RESTORE_APPS_SCRIPT" ]]; then # Print to stderror @@ -197,12 +191,6 @@ if ! [[ -x "$UPDATE_STORAGEACCOUNT_FIREWALL_SCRIPT" ]]; then echo "ERROR: The update storageaccount firewall script is not found or it is not executable in path $UPDATE_STORAGEACCOUNT_FIREWALL_SCRIPT" >&2 fi -ADD_REPLY_URL_SCRIPT="$WORKDIR_PATH/add_reply_url_for_cluster.sh" -if ! [[ -x "$ADD_REPLY_URL_SCRIPT" ]]; then - # Print to stderror - echo "ERROR: The replyUrl script is not found or it is not executable in path $ADD_REPLY_URL_SCRIPT" >&2 -fi - WEB_CONSOLE_EGRESS_IP_SCRIPT="$WORKDIR_PATH/update_ips_env_vars_for_console.sh" if ! [[ -x "$WEB_CONSOLE_EGRESS_IP_SCRIPT" ]]; then # Print to stderror 
@@ -215,36 +203,12 @@ if ! [[ -x "$WEB_CONSOLE_CLUSTER_OIDC_ISSUER_SCRIPT" ]]; then echo "ERROR: The web console cluster oidc issuer script is not found or it is not executable in path $WEB_CONSOLE_CLUSTER_OIDC_ISSUER_SCRIPT" >&2 fi -# MOVE_CUSTOM_INGRESSES_SCRIPT="$WORKDIR_PATH/move_custom_ingresses.sh" -# if ! [[ -x "$MOVE_CUSTOM_INGRESSES_SCRIPT" ]]; then -# # Print to stderror -# echo "ERROR: The move custom ingresses script is not found or it is not executable in path $MOVE_CUSTOM_INGRESSES_SCRIPT" >&2 -# fi - -UPDATE_AUTH_PROXY_SECRET_SCRIPT="$WORKDIR_PATH/update_auth_proxy_secret_for_console.sh" -if ! [[ -x "$UPDATE_AUTH_PROXY_SECRET_SCRIPT" ]]; then - # Print to stderror - echo "ERROR: The update auth proxy secret script is not found or it is not executable in path $UPDATE_AUTH_PROXY_SECRET_SCRIPT" >&2 -fi - UPDATE_NETWORKPOLICY_CANARY_SECRET_SCRIPT="$WORKDIR_PATH/cicd-canary/update_secret_for_networkpolicy_canary.sh" if ! [[ -x "$UPDATE_NETWORKPOLICY_CANARY_SECRET_SCRIPT" ]]; then # Print to stderror echo "ERROR: The update networkpolicy canary secret script is not found or it is not executable in path $UPDATE_NETWORKPOLICY_CANARY_SECRET_SCRIPT" >&2 fi -# CREATE_REDIS_CACHE_SCRIPT="$WORKDIR_PATH/redis/create_redis_cache_for_console.sh" -# if ! [[ -x "$CREATE_REDIS_CACHE_SCRIPT" ]]; then -# # Print to stderror -# echo "ERROR: The create redis cache script is not found or it is not executable in path $CREATE_REDIS_CACHE_SCRIPT" >&2 -# fi - -# UPDATE_REDIS_CACHE_SECRET_SCRIPT="$WORKDIR_PATH/redis/update_redis_cache_for_console.sh" -# if ! [[ -x "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" ]]; then -# # Print to stderror -# echo "ERROR: The update redis cache script is not found or it is not executable in path $UPDATE_REDIS_CACHE_SECRET_SCRIPT" >&2 -# fi - RADIX_API_ENV_VAR_SCRIPT="$WORKDIR_PATH/update_env_vars_for_radix_api.sh" if ! [[ -x "$RADIX_API_ENV_VAR_SCRIPT" ]]; then # Print to stderror 
@@ -263,12 +227,6 @@ if ! [[ -x "$CHECK_APPREG_SECRETS" ]]; then echo "ERROR: The check keyvault secrets script is not found or it is not executable in path $CHECK_APPREG_SECRETS" >&2 fi -GITHUB_MAINTENANCE_SCRIPT="$WORKDIR_PATH/github_maintenance/bootstrap.sh" -if ! [[ -x "$GITHUB_MAINTENANCE_SCRIPT" ]]; then - # Print to stderror - echo "ERROR: The github maintenance secrets script is not found or it is not executable in path $GITHUB_MAINTENANCE_SCRIPT" >&2 -fi - ####################################################################################### ### Prepare az session ### @@ -294,21 +252,6 @@ printf "Done.\n" # ### Check the migration strategy # ### -# while true; do -# read -r -e -p "Are you migrating active to active or active to test? (aa/at) " -i "at" yn -# case $yn in -# "aa") -# MIGRATION_STRATEGY="aa" -# break -# ;; -# "at") -# MIGRATION_STRATEGY="at" -# break -# ;; -# *) echo "Please answer aa or at." ;; -# esac -# done - MIGRATION_STRATEGY="aa" ####################################################################################### 
@@ -389,61 +332,6 @@ if [[ ${BACKUP_NAME} == "migration-"* ]]; then echo "" fi -# create_redis_cache=true -# if [[ $USER_PROMPT == true ]]; then -# while true; do -# read -r -p "Create Redis Caches for Console? (Y/n) " yn -# case $yn in -# [Yy]*) break ;; -# [Nn]*) -# create_redis_cache=false -# exit 0 -# ;; -# *) echo "Please answer yes or no." ;; -# esac -# done -# echo "" -# fi - -# if [[ $create_redis_cache == true ]]; then -# printf "Creating Redis Caches for Console...\n" -# ( -# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=qa)%s\n" "${grn}" "$CREATE_REDIS_CACHE_SCRIPT" "${normal}" -# RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="qa" USER_PROMPT="false" source "$CREATE_REDIS_CACHE_SCRIPT" -# echo "" -# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=prod)%s\n" "${grn}" "$CREATE_REDIS_CACHE_SCRIPT" "${normal}" -# RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="false" source "$CREATE_REDIS_CACHE_SCRIPT" -# ) -# printf "Done...\n" -# fi - -# Give option to create dest cluster if it does not exist -# echo "" -# echo "Verifying destination cluster existence..." -# get_credentials "$AZ_RESOURCE_GROUP_CLUSTERS" "$DEST_CLUSTER" || { -# if [[ $USER_PROMPT == true ]]; then -# while true; do -# read -r -p "Destination cluster does not exists. Create cluster? (Y/n) " yn -# case $yn in -# [Yy]*) break ;; -# [Nn]*) -# echo "Aborting..." -# exit 0 -# ;; -# *) echo "Please answer yes or no." ;; -# esac -# done -# fi - -# echo "" -# echo "Creating destination cluster..." 
-# printf "%s► Execute %s%s\n" "${grn}" "$BOOTSTRAP_AKS_SCRIPT" "${normal}" -# (RADIX_ZONE_ENV="$RADIX_ZONE_ENV" CLUSTER_NAME="$DEST_CLUSTER" USER_PROMPT="$USER_PROMPT" MIGRATION_STRATEGY="$MIGRATION_STRATEGY" source "$BOOTSTRAP_AKS_SCRIPT") -# wait # wait for subshell to finish - -# [[ "$(kubectl config current-context)" != "$DEST_CLUSTER" ]] && exit 1 -# } - echo "You need to create a pull request to make ready for new cluster" echo "Procedure:" echo "- Make a new branch in radix-platform" @@ -515,20 +403,6 @@ if [[ "${OSTYPE}" == "linux-gnu"* ]]; then fi -# Wait for prometheus to be deployed from flux -echo "" -printf "Wait for prometheus to be deployed by flux-operator..." -while [[ "$(kubectl get deploy prometheus-operator-operator --namespace monitor 2>&1)" == *"Error"* ]]; do - printf "." - sleep 5 -done -printf " Done.\n" - -# echo "" -# printf "%s► Execute %s%s\n" "${grn}" "$PROMETHEUS_CONFIGURATION_SCRIPT" "${normal}" -# (RADIX_ZONE_ENV="${RADIX_ZONE_ENV}" USER_PROMPT="${USER_PROMPT}" CLUSTER_NAME="${DEST_CLUSTER}" source "${PROMETHEUS_CONFIGURATION_SCRIPT}") -# wait - # Wait for operator to be deployed from flux echo "" echo "Waiting for radix-operator to be deployed by flux-operator so that it can handle migrated apps" 
@@ -539,26 +413,6 @@ while [[ "$(kubectl get deploy radix-operator 2>&1)" == *"Error"* ]]; do done printf " Done." -# Wait for grafana to be deployed from flux -echo "" -echo "Waiting for grafana to be deployed by flux-operator so that we can add the ingress as a replyURL to \"$APP_REGISTRATION_GRAFANA\"" -while [[ "$(kubectl get deploy grafana --namespace monitor 2>&1)" == *"Error"* ]]; do - printf "." - sleep 5 -done - -echo "" -# Add grafana replyUrl to AAD app -# printf "%s► Execute %s%s\n" "${grn}" "$ADD_REPLY_URL_SCRIPT" "${normal}" -# (AAD_APP_NAME="${APP_REGISTRATION_GRAFANA}" K8S_NAMESPACE="monitor" K8S_INGRESS_NAME="grafana" REPLY_PATH="/login/generic_oauth" USER_PROMPT="$USER_PROMPT" source "$ADD_REPLY_URL_SCRIPT") -# wait # wait for subshell to finish - -# echo "" -# echo "Updating storageaccount firewall..." -# printf "%s► Execute %s%s\n" "${grn}" "$UPDATE_STORAGEACCOUNT_FIREWALL_SCRIPT" "${normal}" -# (RADIX_ZONE_ENV="$RADIX_ZONE_ENV" CLUSTER_NAME="$DEST_CLUSTER" ACTION="add" source "$UPDATE_STORAGEACCOUNT_FIREWALL_SCRIPT") -# wait # wait for subshell to finish - # Wait for velero to be deployed from flux echo "" echo "Waiting for velero to be deployed by flux-operator so that it can handle restore into cluster from backup" 
@@ -694,30 +548,11 @@ if [[ $CLUSTER_TYPE == "development" ]]; then # Development cluster uses QA web-console RADIX_WEB_CONSOLE_ENV="qa" fi -WEB_CONSOLE_NAMESPACE="radix-web-console-$RADIX_WEB_CONSOLE_ENV" -AUTH_PROXY_COMPONENT="web-aux-oauth" -AUTH_PROXY_REPLY_PATH="/oauth2/callback" -WEB_REDIRECT_URI="/applications" -WEB_COMPONENT="web" - -# Update replyUrls for those radix apps that require AD authentication -printf "\nWaiting for web-console ingress to be ready so we can add replyUrl to web console aad app..." -printf "\nIf this takes to long, you can try to restart the radix operator (kubectl rollout restart deployment radix-operator) in another console window" -while [[ "$(kubectl get ingress $AUTH_PROXY_COMPONENT --namespace $WEB_CONSOLE_NAMESPACE 2>&1)" == *"Error"* ]]; do - printf "." - sleep 5 -done -printf "\nIngress is ready, adding replyUrl for radix web-console...\n" - -# printf "%s► Execute %s%s\n" "${grn}" "$ADD_REPLY_URL_SCRIPT" "${normal}" -# (AAD_APP_NAME="Omnia Radix Web Console - ${CLUSTER_TYPE^}" K8S_NAMESPACE="$WEB_CONSOLE_NAMESPACE" K8S_INGRESS_NAME="$AUTH_PROXY_COMPONENT" REPLY_PATH="$AUTH_PROXY_REPLY_PATH" WEB_REDIRECT_URI="${WEB_REDIRECT_URI}" USER_PROMPT="$USER_PROMPT" source "$ADD_REPLY_URL_SCRIPT") -# wait # wait for subshell to finish -# printf "Done.\n" # Update web console web component with list of all IPs assigned to the cluster type (development|playground|production) echo "" printf "%s► Execute %s%s\n" "${grn}" "$WEB_CONSOLE_EGRESS_IP_SCRIPT" "${normal}" -(RADIX_ZONE_ENV="$RADIX_ZONE_ENV" WEB_COMPONENT="$WEB_COMPONENT" RADIX_WEB_CONSOLE_ENV="$RADIX_WEB_CONSOLE_ENV" CLUSTER_NAME="$DEST_CLUSTER" STAGING="$STAGING" source "$WEB_CONSOLE_EGRESS_IP_SCRIPT") +(RADIX_ZONE_ENV="$RADIX_ZONE_ENV" RADIX_WEB_CONSOLE_ENV="$RADIX_WEB_CONSOLE_ENV" CLUSTER_NAME="$DEST_CLUSTER" STAGING="$STAGING" source "$WEB_CONSOLE_EGRESS_IP_SCRIPT") wait # wait for subshell to finish echo "" 
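Review bot: With the ingress wait loop deleted, nothing in this hunk confirms that the web console has been restored before `$WEB_CONSOLE_EGRESS_IP_SCRIPT` is sourced, and that script ends by restarting the `web` deployment in `radix-web-console-$RADIX_WEB_CONSOLE_ENV`. An earlier step outside the hunk may already gate on the restore; if not, a bounded wait on the deployment would keep the ordering explicit without the unbounded loop that was removed (the retry cap below is illustrative). The subshell's exit status is also discarded, since the following `wait` only applies to background jobs, so a failed IP env-var update passes silently; appending `|| exit 1` to the subshell line would surface it.

```shell
# … unchanged: RADIX_WEB_CONSOLE_ENV selection …
# Bounded wait for the restored web deployment before its env vars are updated
attempts=0
until kubectl get deploy web --namespace "radix-web-console-${RADIX_WEB_CONSOLE_ENV}" >/dev/null 2>&1; do
    attempts=$((attempts + 1))
    if [[ $attempts -ge 60 ]]; then
        echo "ERROR: web deployment not found in radix-web-console-${RADIX_WEB_CONSOLE_ENV}" >&2
        exit 1
    fi
    sleep 5
done
# … unchanged: Execute banner and subshell sourcing $WEB_CONSOLE_EGRESS_IP_SCRIPT …
```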
@@ -741,66 +576,6 @@ printf "\n%s► Execute %s%s\n" "${grn}" "$UPDATE_NETWORKPOLICY_CANARY_SECRET_SC wait # wait for subshell to finish echo "" -# Set up secret and hostname for Redis Cache in Web Console -# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=qa)%s\n" "${grn}" "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" "${normal}" -# RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="qa" USER_PROMPT="false" source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" -# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=prod)%s\n" "${grn}" "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" "${normal}" -# RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="false" source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" - - -# if [[ $update_redis_cache == true ]]; then -# printf "Updating Redis Caches for Console...\n" -# ( -# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=qa)%s\n" "${grn}" "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" "${normal}" -# RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="qa" USER_PROMPT="false" source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" -# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=prod)%s\n" "${grn}" "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" "${normal}" -# RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="false" source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" -# ) -# printf "Done...\n" -# fi - -# Move custom ingresses -# if [[ $MIGRATION_STRATEGY == "aa" ]]; then -# CUSTOM_INGRESSES=true -# else -# CUSTOM_INGRESSES=false -# fi - -# echo "" -# if [[ $USER_PROMPT == true && $MIGRATION_STRATEGY == "aa" ]]; then -# while true; do -# read -r -p "Move custom ingresses (e.g. console.*.radix.equinor.com) from source to dest cluster? 
(Y/n) " yn -# case $yn in -# [Yy]*) break ;; -# [Nn]*) -# CUSTOM_INGRESSES=false -# break -# ;; -# *) echo "Please answer yes or no." ;; -# esac -# done -# fi - -# if [[ $CUSTOM_INGRESSES == true ]]; then -# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=qa)%s\n" "${grn}" "$MOVE_CUSTOM_INGRESSES_SCRIPT" "${normal}" -# source "$MOVE_CUSTOM_INGRESSES_SCRIPT" -# else -# echo "" -# printf "For the web console to work we need to apply the secrets for the auth proxy, using the custom ingress as reply url\n" -# printf "Update Auth proxy secret...\n" -# printf "%s► Execute %s%s\n" "${grn}" "$UPDATE_AUTH_PROXY_SECRET_SCRIPT" "${normal}" -# (RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" WEB_COMPONENT="$WEB_COMPONENT" WEB_CONSOLE_NAMESPACE="$WEB_CONSOLE_NAMESPACE" AUTH_PROXY_REPLY_PATH="$AUTH_PROXY_REPLY_PATH" source "$UPDATE_AUTH_PROXY_SECRET_SCRIPT") -# wait # wait for subshell to finish -# fi - -if [ "$RADIX_ZONE" = "dev" ]; then - # Create role for github maintenance - printf "\n%s► Execute %s%s\n" "${grn}" "$GITHUB_MAINTENANCE_SCRIPT" "${normal}" - (RADIX_ZONE_ENV="$RADIX_ZONE_ENV" source "$GITHUB_MAINTENANCE_SCRIPT") - wait # wait for subshell to finish - echo "" -fi - if [[ -d "${RADIX_ZONE_PATH}" ]]; then for filename in "${RADIX_ZONE_PATH}"/*.env; do if [[ "${filename}" == *test* ]]; then continue; fi diff --git a/scripts/move_custom_ingresses.sh b/scripts/move_custom_ingresses.sh index 386989a94..84afc242b 100755 --- a/scripts/move_custom_ingresses.sh +++ b/scripts/move_custom_ingresses.sh 
@@ -106,20 +106,6 @@ else source $LIB_DNS_SCRIPT fi -####################################################################################### -### Define web console auth secret variables -### - -AUTH_PROXY_COMPONENT="auth" -AUTH_PROXY_REPLY_PATH="/oauth2/callback" -WEB_COMPONENT="web" -RADIX_WEB_CONSOLE_ENV="prod" -if [[ $CLUSTER_TYPE == "development" ]]; then - RADIX_WEB_CONSOLE_ENV="qa" -fi -AUTH_INGRESS_SUFFIX=".custom-domain" -WEB_CONSOLE_NAMESPACE="radix-web-console-$RADIX_WEB_CONSOLE_ENV" - ####################################################################################### ### Prepare az session ### @@ -219,13 +205,6 @@ done set +f printf "Done. \n" - -#echo "" -#printf "Update auth proxy secret and redis cache...\n" -#printf "%s► Execute %s%s\n" "${grn}" "$UPDATE_AUTH_PROXY_SECRET_FOR_CONSOLE_SCRIPT" "${normal}" -#(RADIX_ZONE_ENV="$RADIX_ZONE_ENV" CLUSTER="$DEST_CLUSTER" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" WEB_COMPONENT="$WEB_COMPONENT" AUTH_INGRESS_SUFFIX="$AUTH_INGRESS_SUFFIX" WEB_CONSOLE_NAMESPACE="$WEB_CONSOLE_NAMESPACE" AUTH_PROXY_REPLY_PATH="$AUTH_PROXY_REPLY_PATH" source "$UPDATE_AUTH_PROXY_SECRET_FOR_CONSOLE_SCRIPT") -#wait # wait for subshell to finish - ####################################################################################### if [[ -z $CI ]]; then diff --git a/scripts/update_ips_env_vars_for_console.sh b/scripts/update_ips_env_vars_for_console.sh index 7f18fb2de..a985c1f0c 100755 --- a/scripts/update_ips_env_vars_for_console.sh +++ b/scripts/update_ips_env_vars_for_console.sh 
@@ -4,15 +4,14 @@ # Adds all Private IP Prefix IPs assigned to the Radix Zone to the environment variables of the web component of Radix Web Console. # Example 1: -# RADIX_ZONE_ENV=./radix-zone/radix_zone_dev.env WEB_COMPONENT="web" RADIX_WEB_CONSOLE_ENV="qa" CLUSTER_NAME="weekly-1" ./update_ips_env_vars_for_console.sh +# RADIX_ZONE_ENV=./radix-zone/radix_zone_dev.env RADIX_WEB_CONSOLE_ENV="qa" CLUSTER_NAME="weekly-1" ./update_ips_env_vars_for_console.sh # # Example 2: Using a subshell to avoid polluting parent shell -# (RADIX_ZONE_ENV=./radix-zone/radix_zone_dev.env WEB_COMPONENT="web" RADIX_WEB_CONSOLE_ENV="qa" CLUSTER_NAME="weekly-1" ./update_ips_env_vars_for_console.sh) +# (RADIX_ZONE_ENV=./radix-zone/radix_zone_dev.env RADIX_WEB_CONSOLE_ENV="qa" CLUSTER_NAME="weekly-1" ./update_ips_env_vars_for_console.sh) # # INPUTS: # RADIX_ZONE_ENV (Mandatory) -# WEB_COMPONENT (Mandatory) # RADIX_WEB_CONSOLE_ENV (Mandatory) # Optional: @@ -65,11 +64,6 @@ else source "$RADIX_ZONE_ENV" fi -if [[ -z "$WEB_COMPONENT" ]]; then - echo "ERROR: Please provide WEB_COMPONENT." >&2 - exit 1 -fi - if [[ -z "$RADIX_WEB_CONSOLE_ENV" ]]; then echo "ERROR: Please provide RADIX_WEB_CONSOLE_ENV." >&2 exit 1 @@ -160,7 +154,7 @@ function updateIpsEnvVars() { ip_list=$(az network public-ip prefix show --name ${ippre_name} --resource-group ${AZ_RESOURCE_GROUP_COMMON} | jq -r .ipPrefix) fi printf "Done.\n" - updateComponentEnvVar "server-radix-api-prod.${CLUSTER_NAME}.${AZ_RESOURCE_DNS}" "radix-web-console" "${RADIX_WEB_CONSOLE_ENV}" "${WEB_COMPONENT}" "${env_var_configmap_name}" "${ip_list}" + updateComponentEnvVar "server-radix-api-prod.${CLUSTER_NAME}.${AZ_RESOURCE_DNS}" "radix-web-console" "${RADIX_WEB_CONSOLE_ENV}" "web" "${env_var_configmap_name}" "${ip_list}" echo "Web component env variable updated with Public IP Prefix IPs." } 
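Review bot: In the `@@ -160,7 +154,7 @@` hunk, `${ip_list}` reaches `updateComponentEnvVar` without any check that the lookup produced a value. In the branch visible here, if `az network public-ip prefix show` fails or the result has no `ipPrefix`, `jq -r` yields an empty string or the literal `null`, and that is what gets passed on as the IP list for the web component. A guard before the call, `[[ -n "${ip_list}" && "${ip_list}" != "null" ]] || { echo "ERROR: no IP prefix found for ${ippre_name}" >&2; return 1; }`, would stop that. What `updateComponentEnvVar` does with the value is outside this hunk, as is the start of `updateIpsEnvVars`, so confirm it does not already validate. The literal `"web"` introduced here is repeated in the `kubectl rollout restart` line of the last hunk; a single `readonly` constant near the top of the script would keep the two in step.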
@@ -170,6 +164,6 @@ updateIpsEnvVars "${INGRESS_IPS_ENV_VAR_CONFIGMAP_NAME}" "${AZ_IPPRE_INBOUND_NAM # Restart deployment for web component printf "Restarting web deployment...\n" -kubectl rollout restart deployment -n radix-web-console-"${RADIX_WEB_CONSOLE_ENV}" "${WEB_COMPONENT}" +kubectl rollout restart deployment -n radix-web-console-"${RADIX_WEB_CONSOLE_ENV}" "web" echo "Done."
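Review bot: The result of `kubectl rollout restart` is not checked, so `Done.` is printed even when the restart is rejected (wrong context, missing deployment, insufficient RBAC), and the updated IP values presumably never reach the running pods. Appending `|| { echo "ERROR: could not restart web deployment" >&2; exit 1; }` to the restart line would make the final message trustworthy. Following it with `kubectl rollout status deployment web -n radix-web-console-"${RADIX_WEB_CONSOLE_ENV}"` would additionally confirm that the new pods came up.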