This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Complete refactor to add better Argo CD functionality (#79)
* add registry docker as an approved repo for bitnami mongo charts for infisical
* remove yaml dump on extra password for mongodb
* fix secret keys typo for infisical hostname key
* clean up defaults and update click in poetry lock
* solve when we delete stuff
* fix where we check if bitwarden is enabled
* catch other bitwarden error in dict
* change sync to happen on get item
* fix cert clusterissuer and clean up bitwarden debugs
* fix cluster issuers again
* only prompt for infisical smtp secret if it doesn't exist
* disable infisical by default again and enable eso. also alphabetize the env var dict for infisical in case it is ever production ready
* note again that infisical is not quite there yet and enable eso again
* fix return of config on delete
* fix custom fields for zitadel
* update fields dict
* add a wait for zitadel app to up before we configure it
* fix a bunch of bitwarden fields issues
* fix vouch bitwarden custom fields
* missed a vouch bitwarden item
* fix zitadel bitwarden db custom field for username
* switch back to cockroachdb as the default
* wait on zitadel first, followed by zitadel-web-app when bootstrapping zitadel
* attempt to fix zitadel get secret
* actually log the response from bw sync
* add getting data parameter the correct way for the zitadel secret
* add k8up as a default app, and add project source repo for bitwarden eso provider
* fix string to byte encoding in zitadel
* adding zitadel api debug lines
* process api token more thoroughly
* actually grab the key we need
* adding some debug lines for the zitadel api calls
* add function to create token and download the zitadel-tools if needed
* add deptry to the dev dependencies
* clean up token for zitadel
* generate api url from hostname in zitadel class
* fix where we write the json file for zitadel, moves to cache
* fix return of zitadel token
* add more debug notes and don't verify zitadel ssl connection due to homelab setup
* strip trailing new line in the api key
* doing some linting and formatting of doc comments for configure_keycloak
* adding api token
* add more notes on jwt for later
* adding proper jwt creation for hitting zitadel's oauth api to get a token
* improve how we rename a context with k3s and how we search for one generally
* add a debug line for what clusters equals for cluster initialization
* fix jwt tokens, add crypto library, and clean up k3s default context name
* clean up api token request
* clean up creation of token for zitadel api
* remove update project settings and get project id functions in favor of creating a project
* make verify optional
* fix call to self.project_id
* fix res.json() calls and pass in 10s instead of 10 for timeout of action
* clean up call to k8s secret
* add deleting argocd secret plugin pod after secret update and fix secret update decoding
* clean up k8s api stuff
* use loads for new secret get func
* fix dict processing for zitadel
* decoded data didn't need to be loaded as it's already loaded elsewhere
* updating how we update secrets
* try to fix how we uninstall k3s entirely
* make sure we delete both the context and cluster for a k3s cluster when we run --delete
* fix -o json for deletion of secrets
* change when we configure logging
* clean up how we do deletion... again
* fix variables for init
* cleanup deletion of secret
* fix delete cluster function
* change when we create json token
* add a typeerror catch
* adding better logging
* fix users prompt for zitadel api
* fix green highlight for zitadel user prompts
* allow a special character in the create password function
* change available genders to match api request spec for zitadel
* randomly assign a special character to zitadel human user and place in bitwarden if bitwarden is being used
* fix bitwarden import typo for zitadel api
* more typos in bitwarden class via zitadel api
* fix envs passed into the bitwarden sync method
* don't return userId for user grants
* fix call to vouch
* fix secret keys dict for vouch
* clean up federated function definitions and secret variable creation
* add a struct for custom bitwarden field to cut down on duplicate code and make it easier to read
* fix query of secret_keys dict
* fix more vouch flow bugs
* separate out configuration of vouch oidc app from keycloak and zitadel
* add new init sections of each major app, add keycloak class, allow automatic setting of zitadel and keycloak first user through config file
* update to new password manager dict
* clean up metallb creation
* fix cert manager init
* fix cert manager secret key grab
* still default zitadel to postgres for now
* more pretty headings and logging
* default enable vouch
* fix vouch with zitadel and keycloak and change it so that argo apps are created with - instead of _
* fix k8up project scoped repos
* add prometheus as a default app
* fix zitadel vouch app creation
* fix vouch... again
* make zitadel obj return for main install function
* add grant for zitadel admin
* fix name of ingress nginx controller from nginx ingress
* fix default prometheus directory
* add ability to set vouch-proxy emails and domains on init
* make sure we only prompt for vouch emails and domains if they are not present in the config file
* fix project for prometheus
* fix how we calculate source repos for a project
* make args for argo proj creation mandatory
* add argocd source repos to attempt to fix argo managing itself in its own project
* attempt to fix metallb projects
* add more project source repos to the default config for the generation of the project
* update k8s distro structure in default config.yml again
* make check_contexts not optional
* change name of secret and bitwarden item we create for argocd oidc provider
* attempt to fix argocd secret update for oidc param
* change admin role key to be super-user according to terraform docs
* fix yaml import
* fix typo for getting k8s distros
* try to fix update secret in-line yaml
* add back k9s functionality
* fix creation of argo cd oidc secret
* change cert-manager to cert_manager
* create initial secret token for appset communication
* update to newest version of argocd appset generator
* update to latest argocd appset generator version
* fix typo in argocd appset generator secret for helm value
* add latest argocd appset generator plugin
* update to latest version of argocd helm chart
* add more vouch logging
* make all argo apps apply outofsync only, add auto-generated jwt secret to vouch secrets
* clean up vouch a bit more by adding comments, fixing doc strings, and adjusting required parameters
* fix creating vouch jwt secret
* add some additional info at the end
* add preferred domain option
* make password creation tool allow for variable characters, make vouch jwt secret default to 44 characters
* fix final printed panel to be more spaced out
* update to latest argocd secrets generator helm chart
* set preferred domain to empty string
* switch monitoring to the prometheus namespace
* reorg of code again
* cleaning up more imports about reorg
* more import cleanup
* clean up more imports
* fix even more imports
* more fixing of imports
* fix incorrect imports and config app reference for bweso
* clean up secrets management printing
* fix arguments for secrets management
* fix bitwarden obj to eso
* clean up console logging functions and add emoji arg
* cleaning up some more headers
* more emojis
* more pretty printing
* clean up federated apps a bit
* fix up final part of install_with_argo call for nextcloud
* try to nest vouch preferred domain quotes harder
* try to fix vouch empty value
* fix nextcloud postgres credentials generation
* add github.io domain for prometheus repo
* update which namespaces are allowed for just prometheus which is special
* add new user grant to vouch user for zitadel
* clean up vouch user id issue
* add new create user org membership
* update zitadel admin role grant
* tidy up membership grant for new user
* we're zitadel users, scale it back a bit, we want to explore the entire project
* fix api call name
* finally fix zitadel admin role creation
* never check in .env files
* fixing emoji header to not have any clouds
* fix keycloak vouch client id
* add logout url to the secrets for argocd
* fix logout url param name
* update global cluster issuer to be a thing
* enable prometheus push gateway fqdn to be set
* clean up nextcloud deployment
* update more args to be typed and non-optional when needed
* finish fixing typing on all args
* consolidate base into __init__
* updating version of argocd helm chart
* update vouch urls
* add additional redirect URIs
* add end session url to vouch for zitadel
* clean up zitadel urls to be more readable
* clean up vouch some more, because we forgot the port for the callback url
* more edits to vouch in an attempt to make it work with zitadel
* callback url can be multiple so changing it back for vouch
* allow user to set max pods per node with k3s
* clean up default global cluster issuer
* use sudo to create the kubelet file
* nooooow we can set default pod limits
* fix call to username for nextcloud
* make sure to verify that a provider was also configured or we can't initialize vouch
* wait on ESO, just in case
* update how we process redirect uris, and when we check for existing provider if we're already in vouch init phase
* add flow type triggers to action creation
* fix argocd zitadel login
* add logging for when we do the zitadel vouch app user grant
* fixed spacing of zitadel app action
* update user grant for vouch, instead of creating a new one
* add even more logging of vouch oauth bitwarden item creation
* fix vouch user type iteration and fix verify to be false by default
* try to simplify all the custom fields for the vouch oauth bitwarden item and add preferredDomain
* updating it so we don't verify any certs if global cluster issuer is set to staging
* fix max_pods to actually be passed in so it is configurable
* fix missed tls verify param pass in
* add new zitadel link after user builds smol-k8s-lab
* fix bug where we never setup the cluster issuers
* fix vouch user grant and explicitly specify key word arguments for surrounding functions so I don't get confused
* update argocd fullnameOverride
* adding nextcloud backups secrets
* allow for an existing restic repo password
* change all federated apps to be app specific py files
* update serverInfoToken secret key for nextcloud
* update redis creds creation comments for nextcloud
* add smtp host to list of things we create keys in a secret for in nextcloud
* clean up nextcloud postgres credentials creation
* add timezone to secret keys we request for k8up when init is enabled
* add init enabled
* bump default metallb version
* adding cilium to play with and moving both that and metallb to networking module
* add cilium as an optional app and tidy up helm module/class
* adding cilium to default apps
* disable cilium by default
* install cilium BEFORE metallb
* install cilium to match argocd applicationset values
* fix cilium installation dict
* updating argocd apps to use correct Helm class name
* update vouch secret keys processing
* clean up argocd.py to have two distinct functions for argocd vs the plugin generator
* add argocd login {argo_cd_domain} --core to make argocd talk directly to k8s
* fix args in call to configure_secret_plugin_generator()
* update readme for all the new apps we support
* add minio icon
* add kepler, mastodon, and nextcloud logos
* adding cilium, k8tz, k8up, and keycloak logos
* Update README.md - add logo descriptions
* add matrix, vouch, and zitadel logos
* adding alpha to kepler and minio, and adding minio hostname
* move k8s_apps into its own directory outside of notes
* add back k8s tools notes
* more updates to docs
* Update pyproject.toml - this really is a 1.0.0 and there's no avoiding it
* updating a quick example app
* add k8tz as an alpha app
* Update docs/index.md - fix grammar
  Co-authored-by: Max! <[email protected]>
* update screenshot for brand new version :)
* update argocd version
* upgrade cert manager and ingress default versions

---------

Co-authored-by: Max! <[email protected]>