feat: flux

Author: Gunther Klessinger

.gitignore

@@ -10,3 +10,4 @@ wheels/
 .venv
 README.md
 mysecrets.py
+tmp

environ

@@ -24,7 +24,7 @@ HK_LOCATION="fsn1"
 GITOPS_BRANCH="main"
 GITOPS_HOST="py:keyval"
 GITOPS_OWNER="company"
-GITOPS_PATH="clusters/staging"
+GITOPS_PATH="clusters/production"
 GITOPS_REPO="k8s"
 GITOPS_TOKEN="py:keyval"
 GITOPS_FLUX_PRIV_SECRET="py:keyval"

justfile

@@ -28,11 +28,12 @@ pyhk3-config *ARGS:
   just p hk3s render_config
   just p do show_env {{ARGS}}
 
+env *ARGS:
+  just p do show_env {{ARGS}}
 
 [confirm('Sure to destroy all servers of the cluster?')]
 rm:
-  just p do remove all
-
+  just p do delete all
 
 
 [confirm('Sure to destroy proxy (if existing) and recreate it?')]
@@ -53,10 +54,13 @@ port-forward:
   just p do port_forward
 
 
-install-flux:
-  just p flux prepare_repo 'gh:/fluxcd/flux2-kustomize-helm-example'
+flux-install:
   just p flux install
+  just p flux add_sops_secret
+  just p flux add_tmpl 'gh:/fluxcd/flux2-kustomize-helm-example'
 
+flux-uninstall:
+  just p flux uninstall
 
 test:
   just pyhk3-config

src/pyhk3/create.py

@@ -178,9 +178,13 @@ def configure_caddy():
 
 class tools:
     def ensure_ssh_key_known_to_hetzner():
+        """We return the name of any key which matches the fingerprint of the local key
+
+        If None: we create a new one and upload
+        """
         have = hapi.get('ssh_keys') or []
         fps = set([k['fingerprint'] for k in have])
-        fp = E('FN_SSH_KEY') + '.pub'
+        fp = E('FN_SSH_KEY', _home_repl=True) + '.pub'
         r = run(
             ['ssh-keygen', '-l', '-E', 'md5', '-f', fp],
             capture_output=True,
@@ -192,8 +196,7 @@ def ensure_ssh_key_known_to_hetzner():
         n = E('NAME')
         if n in [k['name'] for k in have]:
             msg = f'proceed to delete and re-add the SSH key {n}'
-            if not confirm(msg, default=False):
-                die('unconfirmed')
+            confirm(msg, default=False)
             f = [k['id'] for k in have if k['name'] == n]
             r = hapi.delete('ssh_keys', f[0])
         r = hapi.post('ssh_keys', data={'name': n, 'public_key': open(fp).read()})
@@ -312,7 +315,8 @@ def install():
         ip = ips('proxy')['pub']
         v = os.environ.get('HCLOUD_TOKEN')
         os.environ['HCLOUD_TOKEN'] = E('HCLOUD_TOKEN_WRITE')
-        cmd = 'kubectl get nodes 2>/dev/null && echo "Skipping install - already running" || '
+        cmd = 'mkdir -p /root/.kube && '
+        cmd += 'kubectl get nodes 2>/dev/null && echo "Skipping install - already running" || '
         cmd += 'hetzner-k3s create --config /root/config.yml'
         ssh(ip, cmd=cmd, capture_output=False, send_env=['HCLOUD_TOKEN'])
         os.environ['HCLOUD_TOKEN'] = v

src/pyhk3/do.py

@@ -1,6 +1,7 @@
 import yaml
+import os
 from .defaults import envdefaults
-from .tools import env
+from .tools import env, confirm
 from .create import hk3s, tools, local
 from .hapi import by_name, hapi, ips, need_env
 from .tools import die, log, shw, ssh
@@ -12,6 +13,12 @@
 
 def delete(name):
     """Deleting objects by name, via hapi"""
+    if name == 'all':
+        N = E('NAME')
+        r = [x['name'] for x in hapi.get('servers') if x['name'].startswith(N + '-')]
+        confirm(f'Delete {r}')
+        return [delete(i) for i in r]
+
     S = by_name('servers', name)
     if not S:
         return log.info('Not found', name=name)
@@ -68,9 +75,26 @@ def show_env(match=''):
             print(f'{k}={v}')
 
 
+def namespace_force_delete(namespace):
+    """Force delete a namespace. Last result when delete ns got stuck"""
+    kw = {}
+    if namespace == 'flux-system':
+        kw['hint'] = 'use "flux uninstall" instead'
+    cmd = f"kubectl get namespace {namespace} -o json | jq '.spec.finalizers=[]' | kubectl replace --raw /api/v1/namespaces/{namespace}/finalize -f -"
+    log.info('About brutally delete a namespace', cmd=cmd, **kw)
+    confirm(f'Force delete ns {namespace}?', default=False)
+    os.system(cmd)
+    log.info('Namespace deleted brutally')
+    cmd = f'kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get -n {namespace}'
+    log.info(cmd, wait_confirm=True, hint='possible long list upcoming')
+    confirm('Listing now all remaining resources', default=True)
+    os.system(cmd)
+
+
 class do:
     ssh = run_remote
     delete = delete
     download_kubectl = local.download_kubectl
     port_forward = port_forward
     show_env = show_env
+    ns_del_force = namespace_force_delete