Skip to content

Commit

Permalink
adds a guard to prevent overriding existing sealed-secrets installations
Browse files Browse the repository at this point in the history
  • Loading branch information
Adnan Abdulhussein committed Mar 1, 2018
1 parent 7a659f3 commit d10c416
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 4 deletions.
6 changes: 3 additions & 3 deletions cmd/chart-repo/sync.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,13 @@ package main
import (
"os"

"github.com/spf13/cobra"
"github.com/sirupsen/logrus"
"github.com/kubeapps/common/datastore"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)

var syncCmd = &cobra.Command{
Use: "sync [REPO NAME] [REPO URL]",
Use: "sync [REPO NAME] [REPO URL]",
Short: "add a new chart repository, and resync its charts periodically",
Run: func(cmd *cobra.Command, args []string) {
if len(args) != 2 {
Expand Down
30 changes: 30 additions & 0 deletions cmd/kubeapps/up.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (
"encoding/json"
"fmt"
"io"
"regexp"
"sort"
"strconv"
"strings"
Expand Down Expand Up @@ -96,6 +97,13 @@ List of components that kubeapps up installs:
return fmt.Errorf("kubernetes with RBAC enabled (v1.8+) is required to run Kubeapps")
}

if ssecrets, _ := ssecretsExists(c); ssecrets {
fmt.Printf("sealed-secrets exists and was not installed by Kubeapps, continuing could override and interfere with your existing sealed-secrets controller.\nContinue? (y/n): ")
if ok := confirmPrompt(); !ok {
return fmt.Errorf("aborted")
}
}

manifest, err := fsGetFile("/kubeapps-objs.yaml")
if err != nil {
return fmt.Errorf("can't read kubeapps manifest: %v", err)
Expand Down Expand Up @@ -296,6 +304,28 @@ func mongoSecretExists(c kubecfg.UpdateCmd, name, ns string) (*unstructured.Unst
return prevSec, true, nil
}

// checks if sealed-secrets exists outside of the Kubeapps install
func ssecretsExists(c kubecfg.UpdateCmd) (bool, error) {
gvk := schema.GroupVersionKind{Group: "apps", Version: "v1beta1", Kind: "Deployment"}
rc, err := clientForGroupVersionKind(c.ClientPool, c.Discovery, gvk, "kube-system")
if err != nil {
return false, err
}
ssc, err := rc.Get("sealed-secrets-controller", metav1.GetOptions{})
return ssc.GetLabels()["created-by"] != "kubeapps", nil
}

func confirmPrompt() bool {
var response string
_, err := fmt.Scanln(&response)
if err != nil {
return false
}

r := regexp.MustCompile("(?i)^y(es)?")
return r.MatchString(response)
}

func buildSecretObject(pw map[string]string, name, ns string) *unstructured.Unstructured {
return &unstructured.Unstructured{
Object: map[string]interface{}{
Expand Down
Loading

0 comments on commit d10c416

Please sign in to comment.