argoproj · jessesuen · Apr 4, 2018 · Apr 4, 2018
@@ -19,7 +19,6 @@ func NewCommand() *cobra.Command {
 		clientConfig      clientcmd.ClientConfig
 		staticAssetsDir   string
 		repoServerAddress string
-		configMapName     string
 	)
 	var command = &cobra.Command{
 		Use:   cliName,
@@ -40,7 +39,7 @@ func NewCommand() *cobra.Command {
 			appclientset := appclientset.NewForConfigOrDie(config)
 			repoclientset := reposerver.NewRepositoryServerClientset(repoServerAddress)
 
-			argocd := server.NewServer(kubeclientset, appclientset, repoclientset, namespace, staticAssetsDir, configMapName)
+			argocd := server.NewServer(kubeclientset, appclientset, repoclientset, namespace, staticAssetsDir)
 			argocd.Run()
 		},
 	}
@@ -49,7 +48,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&staticAssetsDir, "staticassets", "", "Static assets directory path")
 	command.Flags().StringVar(&logLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().StringVar(&repoServerAddress, "repo-server", "localhost:8081", "Repo server address.")
-	command.Flags().StringVar(&configMapName, "config-map", "", "Name of a Kubernetes config map to use.")
 	command.AddCommand(cli.NewVersionCmd(cliName))
 	return command
 }
@@ -21,6 +21,11 @@ func NewInstallCommand() *cobra.Command {
 		Run: func(c *cobra.Command, args []string) {
 			conf, err := clientConfig.ClientConfig()
 			errors.CheckError(err)
+			namespace, wasSpecified, err := clientConfig.Namespace()
+			errors.CheckError(err)
+			if wasSpecified {
+				installOpts.Namespace = namespace
+			}
 			installer, err := install.NewInstaller(conf, installOpts)
 			errors.CheckError(err)
 			installer.Install()
@@ -31,7 +36,6 @@ func NewInstallCommand() *cobra.Command {
 	command.Flags().BoolVar(&installOpts.ConfigSuperuser, "config-superuser", false, "create or update a superuser username and password")
 	command.Flags().BoolVar(&installOpts.CreateSignature, "create-signature", false, "create or update the server-side token signing signature")
 	command.Flags().StringVar(&installOpts.ConfigMap, "config-map", "", "apply settings from a Kubernetes config map")
-	command.Flags().StringVar(&installOpts.Namespace, "install-namespace", install.DefaultInstallNamespace, "install into a specific namespace")
 	command.Flags().StringVar(&installOpts.ControllerImage, "controller-image", install.DefaultControllerImage, "use a specified controller image")
 	command.Flags().StringVar(&installOpts.ServerImage, "server-image", install.DefaultServerImage, "use a specified api server image")
 	command.Flags().StringVar(&installOpts.UIImage, "ui-image", install.DefaultUIImage, "use a specified ui image")

@@ -21,12 +21,16 @@ func NewUninstallCommand() *cobra.Command {
 		Run: func(c *cobra.Command, args []string) {
 			conf, err := clientConfig.ClientConfig()
 			errors.CheckError(err)
+			namespace, wasSpecified, err := clientConfig.Namespace()
+			errors.CheckError(err)
+			if wasSpecified {
+				installOpts.Namespace = namespace
+			}
 			installer, err := install.NewInstaller(conf, installOpts)
 			errors.CheckError(err)
 			installer.Uninstall()
 		},
 	}
-	command.Flags().StringVar(&installOpts.Namespace, "install-namespace", install.DefaultInstallNamespace, "uninstall from a specific namespace")
 	clientConfig = cli.AddKubectlFlagsToCmd(command)
 	return command
 }
@@ -16,6 +16,12 @@ const (
 	SecretTypeCluster = "cluster"
 )
 
+const (
+	ArgoCDAdminUsername = "admin"
+	ArgoCDSecretName    = "argocd-secret"
+	ArgoCDConfigMapName = "argocd-cm"
+)
+
 var (
 	// LabelKeyAppInstance refers to the application instance resource name
 	LabelKeyAppInstance = MetadataPrefix + "/app-instance"
@@ -25,6 +31,7 @@ var (
 
 	// LabelKeyApplicationControllerInstanceID is the label which allows to separate application among multiple running application controllers.
 	LabelKeyApplicationControllerInstanceID = application.ApplicationFullName + "/controller-instanceid"
+
 	// LabelApplicationName is the label which indicates that resource belongs to application with the specified name
 	LabelApplicationName = application.ApplicationFullName + "/app-name"
 )
@@ -44,46 +51,3 @@ var ArgoCDManagerPolicyRules = []rbacv1.PolicyRule{
 		Verbs:     []string{"*"},
 	},
 }
-
-const (
-	ArgoCDServerServiceAccount = "argocd-server"
-	ArgoCDServerRole           = "argocd-server-role"
-	ArgoCDServerRoleBinding    = "argocd-server-role-binding"
-)
-
-var ArgoCDServerPolicyRules = []rbacv1.PolicyRule{
-	{
-		APIGroups: []string{""},
-		Resources: []string{"pods", "pods/exec", "pods/log"},
-		Verbs:     []string{"get", "list", "watch"},
-	},
-	{
-		APIGroups: []string{""},
-		Resources: []string{"secrets"},
-		Verbs:     []string{"create", "get", "list", "watch", "update", "patch", "delete"},
-	},
-	{
-		APIGroups: []string{"argoproj.io"},
-		Resources: []string{"applications"},
-		Verbs:     []string{"create", "get", "list", "watch", "update", "patch", "delete"},
-	},
-}
-
-const (
-	ApplicationControllerServiceAccount = "application-controller"
-	ApplicationControllerRole           = "application-controller-role"
-	ApplicationControllerRoleBinding    = "application-controller-role-binding"
-)
-
-var ApplicationControllerPolicyRules = []rbacv1.PolicyRule{
-	{
-		APIGroups: []string{""},
-		Resources: []string{"secrets"},
-		Verbs:     []string{"get"},
-	},
-	{
-		APIGroups: []string{"argoproj.io"},
-		Resources: []string{"applications"},
-		Verbs:     []string{"create", "get", "list", "watch", "update", "patch", "delete"},
-	},
-}
@@ -1,25 +1,24 @@
 package install
 
 import (
-	"bufio"
 	"fmt"
-	"log"
-	"os"
-	"strconv"
 	"strings"
 	"syscall"
 
+	"github.com/argoproj/argo-cd/common"
 	"github.com/argoproj/argo-cd/errors"
-	"github.com/argoproj/argo-cd/util"
+	"github.com/argoproj/argo-cd/util/config"
 	"github.com/argoproj/argo-cd/util/diff"
 	"github.com/argoproj/argo-cd/util/kube"
+	"github.com/argoproj/argo-cd/util/password"
+	"github.com/argoproj/argo-cd/util/session"
 	"github.com/ghodss/yaml"
 	"github.com/gobuffalo/packr"
+	log "github.com/sirupsen/logrus"
 	"github.com/yudai/gojsondiff/formatter"
 	"golang.org/x/crypto/ssh/terminal"
 	appsv1beta2 "k8s.io/api/apps/v1beta2"
 	apiv1 "k8s.io/api/core/v1"
-
 	rbacv1 "k8s.io/api/rbac/v1"
 	apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
 	apierr "k8s.io/apimachinery/pkg/api/errors"
@@ -75,6 +74,9 @@ func NewInstaller(config *rest.Config, opts InstallOptions) (*Installer, error)
 		box:            packr.NewBox("./manifests"),
 		config:         &shallowCopy,
 	}
+	if opts.Namespace == "" {
+		inst.Namespace = DefaultInstallNamespace
+	}
 	var err error
 	inst.dynClientPool = dynamic.NewDynamicClientPool(inst.config)
 	inst.disco, err = discovery.NewDiscoveryClientForConfig(inst.config)
@@ -87,6 +89,7 @@ func NewInstaller(config *rest.Config, opts InstallOptions) (*Installer, error)
 func (i *Installer) Install() {
 	i.InstallNamespace()
 	i.InstallApplicationCRD()
+	i.InstallSettings()
 	i.InstallApplicationController()
 	i.InstallArgoCDServer()
 	i.InstallArgoCDRepoServer()
@@ -105,12 +108,6 @@ func (i *Installer) Uninstall() {
 			i.MustUninstallResource(&obj)
 		}
 	}
-
-	// i.InstallNamespace()
-	// i.InstallApplicationCRD()
-	// i.InstallApplicationController()
-	// i.InstallArgoCDServer()
-	// i.InstallArgoCDRepoServer()
 }
 
 func (i *Installer) InstallNamespace() {
@@ -130,15 +127,61 @@ func (i *Installer) InstallApplicationCRD() {
 	i.MustInstallResource(kube.MustToUnstructured(&applicationCRD))
 }
 
+func (i *Installer) InstallSettings() {
+	kubeclientset, err := kubernetes.NewForConfig(i.config)
+	errors.CheckError(err)
+	configManager := config.NewConfigManager(kubeclientset, i.Namespace)
+	_, err = configManager.GetSettings()
+	if err != nil {
+		if !apierr.IsNotFound(err) {
+			log.Fatal(err)
+		}
+		// configmap/secret not yet created
+		signature, err := session.MakeSignature(32)
+		errors.CheckError(err)
+		passwordRaw := readAndConfirmPassword()
+		hashedPassword, err := password.HashPassword(passwordRaw)
+		errors.CheckError(err)
+		newSettings := config.ArgoCDSettings{
+			ServerSignature: signature,
+			LocalUsers: map[string]string{
+				common.ArgoCDAdminUsername: hashedPassword,
+			},
+		}
+		err = configManager.SaveSettings(&newSettings)
+		errors.CheckError(err)
+	} else {
+		log.Infof("Settings already exists. Skipping creation")
+	}
+}
+
+func readAndConfirmPassword() string {
+	for {
+		fmt.Print("*** Enter an admin password: ")
+		password, err := terminal.ReadPassword(syscall.Stdin)
+		errors.CheckError(err)
+		fmt.Print("\n")
+		fmt.Print("*** Confirm the admin password: ")
+		confirmPassword, err := terminal.ReadPassword(syscall.Stdin)
+		errors.CheckError(err)
+		fmt.Print("\n")
+		if string(password) == string(confirmPassword) {
+			return string(password)
+		}
+		log.Error("Passwords do not match")
+	}
+}
+
 func (i *Installer) InstallApplicationController() {
 	var applicationControllerServiceAccount apiv1.ServiceAccount
 	var applicationControllerRole rbacv1.Role
 	var applicationControllerRoleBinding rbacv1.RoleBinding
 	var applicationControllerDeployment appsv1beta2.Deployment
-	i.unmarshalManifest("02a_application-controller-sa.yaml", &applicationControllerServiceAccount)
-	i.unmarshalManifest("02b_application-controller-role.yaml", &applicationControllerRole)
-	i.unmarshalManifest("02c_application-controller-rolebinding.yaml", &applicationControllerRoleBinding)
-	i.unmarshalManifest("02d_application-controller-deployment.yaml", &applicationControllerDeployment)
+	i.unmarshalManifest("03a_application-controller-sa.yaml", &applicationControllerServiceAccount)
+	i.unmarshalManifest("03b_application-controller-role.yaml", &applicationControllerRole)
+	i.unmarshalManifest("03c_application-controller-rolebinding.yaml", &applicationControllerRoleBinding)
+	i.unmarshalManifest("03d_application-controller-deployment.yaml", &applicationControllerDeployment)
+	applicationControllerRoleBinding.Subjects[0].Namespace = i.Namespace
 	applicationControllerDeployment.Spec.Template.Spec.Containers[0].Image = i.ControllerImage
 	applicationControllerDeployment.Spec.Template.Spec.Containers[0].ImagePullPolicy = apiv1.PullPolicy(i.ImagePullPolicy)
 	i.MustInstallResource(kube.MustToUnstructured(&applicationControllerServiceAccount))
@@ -153,68 +196,29 @@ func (i *Installer) InstallArgoCDServer() {
 	var argoCDServerControllerRoleBinding rbacv1.RoleBinding
 	var argoCDServerControllerDeployment appsv1beta2.Deployment
 	var argoCDServerService apiv1.Service
-	i.unmarshalManifest("03a_argocd-server-sa.yaml", &argoCDServerServiceAccount)
-	i.unmarshalManifest("03b_argocd-server-role.yaml", &argoCDServerControllerRole)
-	i.unmarshalManifest("03c_argocd-server-rolebinding.yaml", &argoCDServerControllerRoleBinding)
-	i.unmarshalManifest("03d_argocd-server-deployment.yaml", &argoCDServerControllerDeployment)
-	i.unmarshalManifest("03e_argocd-server-service.yaml", &argoCDServerService)
+	i.unmarshalManifest("04a_argocd-server-sa.yaml", &argoCDServerServiceAccount)
+	i.unmarshalManifest("04b_argocd-server-role.yaml", &argoCDServerControllerRole)
+	i.unmarshalManifest("04c_argocd-server-rolebinding.yaml", &argoCDServerControllerRoleBinding)
+	i.unmarshalManifest("04d_argocd-server-deployment.yaml", &argoCDServerControllerDeployment)
+	i.unmarshalManifest("04e_argocd-server-service.yaml", &argoCDServerService)
+	argoCDServerControllerRoleBinding.Subjects[0].Namespace = i.Namespace
 	argoCDServerControllerDeployment.Spec.Template.Spec.InitContainers[0].Image = i.UIImage
 	argoCDServerControllerDeployment.Spec.Template.Spec.InitContainers[0].ImagePullPolicy = apiv1.PullPolicy(i.ImagePullPolicy)
 	argoCDServerControllerDeployment.Spec.Template.Spec.Containers[0].Image = i.ServerImage
 	argoCDServerControllerDeployment.Spec.Template.Spec.Containers[0].ImagePullPolicy = apiv1.PullPolicy(i.ImagePullPolicy)
-
-	kubeclientset, err := kubernetes.NewForConfig(i.config)
-	errors.CheckError(err)
-
-	configManager := util.NewConfigManager(kubeclientset, i.Namespace, i.ConfigMap)
-	errors.CheckError(err)
-
-	if i.InstallOptions.ConfigMap != "" {
-		quotedConfigMapName := strconv.Quote(i.InstallOptions.ConfigMap)
-		container := &argoCDServerControllerDeployment.Spec.Template.Spec.Containers[0]
-		container.Command = append(container.Command, "--config-map", quotedConfigMapName)
-	}
-
 	i.MustInstallResource(kube.MustToUnstructured(&argoCDServerServiceAccount))
 	i.MustInstallResource(kube.MustToUnstructured(&argoCDServerControllerRole))
 	i.MustInstallResource(kube.MustToUnstructured(&argoCDServerControllerRoleBinding))
 	i.MustInstallResource(kube.MustToUnstructured(&argoCDServerControllerDeployment))
 	i.MustInstallResource(kube.MustToUnstructured(&argoCDServerService))
 
-	// Ignore errors because settings aren't fully formed
-	settings, _ := configManager.GetSettings()
-
-	// Generate a new superuser on command or if there are no superusers.
-	if i.InstallOptions.ConfigSuperuser || len(settings.LocalUsers) == 0 {
-		inputReader := bufio.NewReader(os.Stdin)
-
-		fmt.Print("*** Please enter a superuser username: ")
-		rootUsername, err := inputReader.ReadString('\n')
-		errors.CheckError(err)
-		rootUsername = strings.Trim(rootUsername, "\n")
-
-		fmt.Print("*** Please enter a superuser password: ")
-		rawPassword, err := terminal.ReadPassword(syscall.Stdin)
-		errors.CheckError(err)
-		fmt.Print("\n")
-
-		err = configManager.SetRootUserCredentials(rootUsername, string(rawPassword))
-		errors.CheckError(err)
-	}
-
-	// Generate a new secret key on command or if the server signature isn't set.
-	// This has the side effect of invalidating all current login sessions.
-	if i.InstallOptions.CreateSignature || len(settings.ServerSignature) == 0 {
-		err = configManager.GenerateServerSignature()
-		errors.CheckError(err)
-	}
 }
 
 func (i *Installer) InstallArgoCDRepoServer() {
 	var argoCDRepoServerControllerDeployment appsv1beta2.Deployment
 	var argoCDRepoServerService apiv1.Service
-	i.unmarshalManifest("04a_argocd-repo-server-deployment.yaml", &argoCDRepoServerControllerDeployment)
-	i.unmarshalManifest("04b_argocd-repo-server-service.yaml", &argoCDRepoServerService)
+	i.unmarshalManifest("05a_argocd-repo-server-deployment.yaml", &argoCDRepoServerControllerDeployment)
+	i.unmarshalManifest("05b_argocd-repo-server-service.yaml", &argoCDRepoServerService)
 	argoCDRepoServerControllerDeployment.Spec.Template.Spec.Containers[0].Image = i.RepoServerImage
 	argoCDRepoServerControllerDeployment.Spec.Template.Spec.Containers[0].ImagePullPolicy = apiv1.PullPolicy(i.ImagePullPolicy)
 	i.MustInstallResource(kube.MustToUnstructured(&argoCDRepoServerControllerDeployment))

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+  namespace: argocd
+# TODO: future argocd tuning keys go here (e.g. resync period)
+data: {}
@@ -0,0 +1,13 @@
+# NOTE: the values in this secret are provided as working manifest example and are not the values
+# used during an install. New values will be generated as part of `argocd install`
+apiVersion: v1
+kind: Secret
+metadata:
+  name: argocd-secret
+  namespace: argocd
+type: Opaque
+data:
+  # bcrypt hash of 'password'
+  admin.password: JDJhJDEwJGVYYkZmOEt3NUMzTDJVbE9FRDNqUU9QMC5reVNBamVLUXY0N3NqaFFpWlZwTkkyU2dMTzd1
+  # random server signature key for session validation
+  server.secretkey: aEDvv73vv70F77+9CRBSNu+/vTYQ77+9EUFh77+9LzFyJ++/vXfLsO+/vWRbeu+/ve+/vQ==
@@ -6,5 +6,6 @@ metadata:
 spec:
   ports:
   - port: 8081
+    targetPort: 8081
   selector:
     app: argocd-repo-server