Merge pull request #199 from RADAR-base/internal-chart-version

release 1.0.0 - hosting all helm charts

.github/workflows/push.yaml

@@ -0,0 +1,34 @@
+name: CI
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/[email protected]
+
+    - name: Setup helmfile
+      uses: mamezou-tech/[email protected]
+
+    - name: Set up helmfile config
+      run: cp .github/environments.yaml environments.yaml
+
+    - name: Run helmfile template
+      run: |
+        helmfile template
+
+    # - name: Start a local k8s cluster
+    #   uses: jupyterhub/action-k3s-helm@v3
+    #   with:
+    #     # See available:
+    #     # - k3s release channels at https://github.com/k3s-io/k3s/blob/HEAD/channel.yaml
+    #     # - k3s versions at https://github.com/k3s-io/k3s/tags
+    #     # - helm versions at https://github.com/helm/helm/tags
+    #     k3s-channel: latest
+    #
+    # - name: Verify function of k8s, kubectl, and helm
+    #   run: |
+    #     echo "kubeconfig: $KUBECONFIG"
+    #     kubectl version
+    #     kubectl get pods --all-namespaces
+    #
+    #     helmfile sync --concurrency 1

.github/workflows/update.yaml

@@ -21,6 +21,6 @@ jobs:
 
       - name: Set up helmfile config
         run: cp .github/environments.yaml environments.yaml
-      
+
       - name: Check updates
         run: bin/chart-updates

.gitignore

@@ -1,6 +1,6 @@
 /.env
 kubernetes-HDFS/
-keystore.p12
+keystore.p12*
 radar-is.yml
 *.tgz
 production.yaml
@@ -13,6 +13,6 @@ charts/management-portal/files/root.crt
 charts/radar-rest-sources-backend/files/root.crt
 secrets.yaml
 secrets/
-.sops.yaml
+*.sops.*
 google-services.json
 google-credentials.json

bin/keystore-init

@@ -1,38 +1,60 @@
 #!/bin/bash
 
-#cd "$( dirname "${BASH_SOURCE[0]}" )/.."
-
-set -vx
-
 cd "$(dirname "${BASH_SOURCE[0]}")/.."
 . bin/util.sh
 
 function createKeyStore() {
   keystorefile="$1"
-  KEYTOOL_OPTS="-keystore ${keystorefile} -storepass radarbase -keypass radarbase $KEYSTORE_INIT_OPTS"
+  keytoolOpts=(-keystore "${keystorefile}" -storepass radarbase -keypass radarbase $KEYSTORE_OPTS)
 
-  if ! keytool -list $KEYTOOL_OPTS -alias radarbase-managementportal-ec >/dev/null 2>/dev/null; then
-    KEYTOOL_CREATE_OPTS="-genkeypair -alias radarbase-managementportal-ec -keyalg EC -groupname secp256r1 -sigalg SHA256withECDSA -storetype PKCS12 $KEYSTORE_CREATE_OPTS"
-    if [ -n "${MANAGEMENTPORTAL_KEY_DNAME}" ]; then
-      KEYTOOL_CREATE_OPTS="$KEYTOOL_CREATE_OPTS -dname ${MANAGEMENTPORTAL_KEY_DNAME}"
-    fi
+  if ! keytool -list "${keytoolOpts[@]}" -alias radarbase-managementportal-ec >/dev/null 2>/dev/null; then
     echo "--> Generating keystore to hold EC keypair for JWT signing"
-    keytool $KEYTOOL_CREATE_OPTS $KEYTOOL_OPTS
+    createOpts=(-genkeypair -validity 36500 -alias radarbase-managementportal-ec -keyalg EC -sigalg SHA256withECDSA -storetype PKCS12 $KEYSTORE_CREATE_OPTS)
+    if keytool -genkeypair -help 2>&1 | grep -q -- -groupname; then
+      # Java 8 or later
+      createOpts+=(-groupname secp256r1)
+    else
+      # Java 7
+      createOpts+=(-keysize 256)
+    fi
+    if [ -n "${DNAME}" ]; then
+      createOpts+=(-dname "${DNAME}")
+    fi
+    keytool "${createOpts[@]}" "${keytoolOpts[@]}"
+    echo
   else
     echo "--> ECDSA keypair for signing JWTs already exists. Not creating a new one."
   fi
 
-  if ! keytool -list $KEYTOOL_OPTS -alias selfsigned >/dev/null 2>/dev/null; then
-    KEYTOOL_CREATE_OPTS="-genkeypair -alias selfsigned -keyalg RSA -keysize 4096 -storetype PKCS12 $KEYSTORE_CREATE_OPTS"
-    if [ -n "${MANAGEMENTPORTAL_KEY_DNAME}" ]; then
-      KEYTOOL_CREATE_OPTS="$KEYTOOL_CREATE_OPTS -dname ${MANAGEMENTPORTAL_KEY_DNAME}"
-    fi
+  if ! keytool -list "${keytoolOpts[@]}" -alias selfsigned >/dev/null 2>/dev/null; then
     echo "--> Generating keystore to hold RSA keypair for JWT signing"
-    keytool $KEYTOOL_CREATE_OPTS $KEYTOOL_OPTS
+    createOpts=(-genkeypair -validity 36500 -alias selfsigned -keyalg RSA -keysize 4096 -storetype PKCS12 $KEYSTORE_CREATE_OPTS)
+    if [ -n "${DNAME}" ]; then
+      createOpts+=(-dname "${DNAME}")
+    fi
+    keytool "${createOpts[@]}" "${keytoolOpts[@]}"
+    echo
   else
     echo "--> RSA keypair for signing JWTs already exists. Not creating a new one."
   fi
 
+  if [ ! -e "${keystorefile}" ]; then
+    >&2 echo "FAILED TO CREATE KEYSTORE FILE $keystorefile"
+    exit 1
+  fi
+
+  if ! keytool -list "${keytoolOpts[@]}" -alias radarbase-managementportal-ec >/dev/null 2>/dev/null; then
+    >&2 echo "FAILED TO CREATE ECDSA KEY radarbase-managementportal-ec in $keystorefile. Please try again."
+    rm "${keystorefile}"
+    exit 1
+  fi
+
+  if ! keytool -list "${keytoolOpts[@]}" -alias selfsigned >/dev/null 2>/dev/null; then
+    >&2 echo "FAILED TO CREATE RSA KEY selfsigned in $keystorefile. Please try again."
+    rm "${keystorefile}"
+    exit 1
+  fi
+
   chmod 400 "${keystorefile}"
 }