
Patch ace options schema to fix dns provider help text
Signed-off-by: Tamal Saha <[email protected]>
tamalsaha committed Oct 25, 2023
1 parent de6e770 commit 604cc80
Showing 4 changed files with 437 additions and 421 deletions.
23 changes: 6 additions & 17 deletions Makefile
Expand Up @@ -173,22 +173,11 @@ gen-crds:
paths="./apis/..." \
output:crd:artifacts:config=.crds

crds_to_patch :=

.PHONY: patch-crds
patch-crds: $(addprefix patch-crd-, $(crds_to_patch))
patch-crd-%: $(BUILD_DIRS)
@echo "patching $*"
@kubectl patch -f .crds/$* -p "$$(cat hack/crd-patch.json)" --type=json --local=true -o yaml > bin/$*
@mv bin/$* .crds/$*

.PHONY: label-crds
label-crds: $(BUILD_DIRS)
@for f in .crds/*.yaml; do \
echo "applying app.kubernetes.io/name=bytebuilders label to $$f"; \
kubectl label --overwrite -f $$f --local=true -o yaml app.kubernetes.io/name=bytebuilders > bin/crd.yaml; \
mv bin/crd.yaml $$f; \
done
.PHONY: patch-schema
patch-schema:
@# https://github.com/kislyuk/yq
@yq -s '.[0] * .[1]' ./schema/ace-options/values.openapiv3_schema.yaml ./schema/ace-options/patch.yaml -y > ./schema/ace-options/final.yaml
@mv ./schema/ace-options/final.yaml ./schema/ace-options/values.openapiv3_schema.yaml

.PHONY: gen-values-schema
gen-values-schema: $(BUILD_DIRS)
Expand Down Expand Up @@ -234,7 +223,7 @@ gen-chart-doc-%:
chart-doc-gen -d ./charts/$*/doc.yaml -v ./charts/$*/values.yaml > ./charts/$*/README.md

.PHONY: manifests
manifests: gen-crds gen-schema gen-chart-doc
manifests: gen-crds gen-schema patch-schema gen-chart-doc

.PHONY: gen
gen: codegen manifests
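Review bot: The new `patch-schema` target (the five added lines ending in the `mv`) declares no prerequisite on `gen-schema`, so in `manifests: gen-crds gen-schema patch-schema gen-chart-doc` the only thing ordering the merge after the schema is regenerated is its position in the prerequisite list, which `make -j` does not honour; if `gen-schema` (outside this hunk) rewrites `./schema/ace-options/values.openapiv3_schema.yaml`, the two recipes can race on that file or the patch can be applied to the stale copy and then overwritten. Declare the edge explicitly: `patch-schema: gen-schema`. The intermediate `final.yaml` is also written into the source tree under a fixed name rather than into `bin/` as the other recipes in this file do (`gen-values-schema: $(BUILD_DIRS)` just below, and the removed `patch-crd-%`/`label-crds` recipes staged through `bin/`), so a failing `yq` leaves a stray file behind; `patch-schema: gen-schema $(BUILD_DIRS)` with `> bin/ace-options-schema.yaml` and `@mv bin/ace-options-schema.yaml ./schema/ace-options/values.openapiv3_schema.yaml` keeps it consistent. Since both recipe lines are `@`-silenced, a wrong `yq` flavour installed (the `-s`/`-y` flags are the kislyuk wrapper's, per the comment) fails without showing the command; dropping the `@` on the `yq` line would make that diagnosable.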
131 changes: 7 additions & 124 deletions apis/installer/v1alpha1/ace_ace_types.go
Expand Up @@ -276,133 +276,16 @@ type InfraDns struct {
}

type DNSProviderAuth struct {
/*
## Cloudflare
To use Cloudflare as your DNS provider, you need to create a API Token some specified permissions.
Tokens can be created at `User Profile` > `API Tokens` > `API Tokens`. The following settings are recommended:
- Permissions:
- `Zone` - `DNS` - `Edit`
- `Zone` - `Zone` - `Read`
- Zone Resources:
- `Include` - `All zones` </br>
or
- `Include` - `Specific zone` - `Your desired zone`
*/
// WARNING!!! Update docs in schema/ace-options/patch.yaml
Cloudflare *CloudflareAuth `json:"cloudflare,omitempty"`
/*
## Route53
To use Route53 as your DNS provider, you need to run the following commands and provide us the generated `AccessKeyID` and `SecretAccessKey`.
- Create a policy
```sh
echo '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "route53:GetChange",
"Resource": "arn:aws:route53:::change/*"
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": "arn:aws:route53:::hostedzone/*"
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource"
],
"Resource": "*"
}
]
}' > route53-policy.json
```
```sh
aws iam create-policy --policy-name route53-policy --policy-document file://route53-policy.json
POLICY_ARN=$(aws iam list-policies --query 'Policies[?PolicyName==`route53-policy`].Arn' --output text)
```
- Create a user and attach this policy to that user
```sh
aws iam create-user --user-name "route53"
aws iam attach-user-policy --user-name "route53" --policy-arn $POLICY_ARN
```
- Create Access Token for the user
```sh
aws iam create-access-key --user-name "route53"
```
*/

// WARNING!!! Update docs in schema/ace-options/patch.yaml
Route53 *Route53Auth `json:"route53,omitempty"`
/*
## Google CloudDNS
To use Google CloudDNS as your DNS provider, you need to create a GCP service account with the dns.admin role.
- Set Project id, service account name
```sh
# Set the project ID where you registered your Domain
PROJECT_ID="myproject-id"
DNS_SA_NAME="clouddns-sa"
DNS_SA_EMAIL="$DNS_SA_NAME@${PROJECT_ID}.iam.gserviceaccount.com"
```
- Create Service account and Assign permission
```sh
gcloud iam service-accounts create $DNS_SA_NAME --display-name $DNS_SA_NAME
# assign google service account to dns.admin role in cloud-dns project
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:$DNS_SA_EMAIL --role "roles/dns.admin"
```
- Create a Service Account Secret
```sh
# download static credentials
gcloud iam service-accounts keys create $DNS_SA_NAME-credentials.json \
--iam-account $DNS_SA_EMAIL
```
*/

// WARNING!!! Update docs in schema/ace-options/patch.yaml
CloudDNS *CloudDNSAuth `json:"cloudDNS,omitempty"`
/*
## AzureDNS
To use AzureDNS as your DNS provider, run the following commands
- Set the following ENVs with the preferred `Service Principal`, `Resource Group` and `DNS Zone`
```sh
NEW_SERVICE_PRINCIPAL_NAME=azuredns-sp
DNS_ZONE=<your-preferred-domain> # DNS_ZONE=appscode.com
# Resource Group where you created the zone
DNS_ZONE_RESOURCE_GROUP=<resource-group-name>
```
- Create a Service Principal RBAC
```sh
DNS_SP=$(az ad sp create-for-rbac --name $NEW_SERVICE_PRINCIPAL_NAME)
```
- Assign required roles for the Service Principal
```sh
SERVICE_PRINCIPAL_APP_ID=$(echo $DNS_SP | jq -r '.appId')
DNS_ID=$(az network dns zone show --name $DNS_ZONE --resource-group $DNS_ZONE_RESOURCE_GROUP --query "id" --output tsv)
az role assignment create --assignee $SERVICE_PRINCIPAL_APP_ID --role "DNS Zone Contributor" --scope $DNS_ID
az role assignment create --assignee $SERVICE_PRINCIPAL_APP_ID --role "Reader" --scope $DNS_ID
```
- Print and provide us the following data
```sh
echo "SERVICE_PRINCIPAL_APP_ID: $(echo $DNS_SP | jq -r '.appId')"
echo "SERVICE_PRINCIPAL_APP_PASSWORD: $(echo $DNS_SP | jq -r '.password')"
echo "SUBSCRIPTION_ID: $(az account show | jq -r '.id')"
echo "TENANT_ID: $(echo $DNS_SP | jq -r '.tenant')"
echo "DNS_ZONE: $DNS_ZONE"
echo "DNS_ZONE_RESOURCE_GROUP: $DNS_ZONE_RESOURCE_GROUP"
```
*/

// WARNING!!! Update docs in schema/ace-options/patch.yaml
AzureDNS *AzureDNSAuth `json:"azureDNS,omitempty"`
}

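Review bot: The four added `// WARNING!!! Update docs in schema/ace-options/patch.yaml` comments on the Cloudflare, Route53, CloudDNS and AzureDNS fields say where the text went but not why or how it reaches users, so a maintainer adding a fifth provider has no cue that the field description must be authored in the patch file and is merged into `values.openapiv3_schema.yaml` by the `patch-schema` target this same commit adds to the Makefile. A single doc comment on the struct would carry that and avoid repeating the warning per field, e.g. `// DNSProviderAuth field descriptions are maintained in schema/ace-options/patch.yaml and merged into the generated schema by 'make patch-schema'; keep that file in sync when adding a provider.` The layout of the remaining comments is also inconsistent: the Cloudflare warning follows the previous field directly, while the Route53, CloudDNS and AzureDNS warnings are each preceded by a blank line; pick one form. `DNSProviderAuth` is fully within the hunk; `InfraDns` is only the trailing `}` of the leading context.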
131 changes: 131 additions & 0 deletions schema/ace-options/patch.yaml
@@ -0,0 +1,131 @@
properties:
infra:
properties:
dns:
properties:
auth:
properties:
azureDNS:
description: |
## AzureDNS
To use AzureDNS as your DNS provider, run the following commands
- Set the following ENVs with the preferred `Service Principal`, `Resource Group` and `DNS Zone`
```sh
NEW_SERVICE_PRINCIPAL_NAME=azuredns-sp
DNS_ZONE=<your-preferred-domain> # DNS_ZONE=appscode.com
# Resource Group where you created the zone
DNS_ZONE_RESOURCE_GROUP=<resource-group-name>
```
- Create a Service Principal RBAC
```sh
DNS_SP=$(az ad sp create-for-rbac --name $NEW_SERVICE_PRINCIPAL_NAME)
```
- Assign required roles for the Service Principal
```sh
SERVICE_PRINCIPAL_APP_ID=$(echo $DNS_SP | jq -r '.appId')
DNS_ID=$(az network dns zone show --name $DNS_ZONE --resource-group $DNS_ZONE_RESOURCE_GROUP --query "id" --output tsv)
az role assignment create --assignee $SERVICE_PRINCIPAL_APP_ID --role "DNS Zone Contributor" --scope $DNS_ID
az role assignment create --assignee $SERVICE_PRINCIPAL_APP_ID --role "Reader" --scope $DNS_ID
```
- Print and provide us the following data
```sh
echo "SERVICE_PRINCIPAL_APP_ID: $(echo $DNS_SP | jq -r '.appId')"
echo "SERVICE_PRINCIPAL_APP_PASSWORD: $(echo $DNS_SP | jq -r '.password')"
echo "SUBSCRIPTION_ID: $(az account show | jq -r '.id')"
echo "TENANT_ID: $(echo $DNS_SP | jq -r '.tenant')"
echo "DNS_ZONE: $DNS_ZONE"
echo "DNS_ZONE_RESOURCE_GROUP: $DNS_ZONE_RESOURCE_GROUP"
```
cloudDNS:
description: |
## Google CloudDNS
To use Google CloudDNS as your DNS provider, you need to create a GCP service account with the dns.admin role.
- Set Project id, service account name
```sh
# Set the project ID where you registered your Domain
PROJECT_ID="myproject-id"
DNS_SA_NAME="clouddns-sa"
DNS_SA_EMAIL="$DNS_SA_NAME@${PROJECT_ID}.iam.gserviceaccount.com"
```
- Create Service account and Assign permission
```sh
gcloud iam service-accounts create $DNS_SA_NAME --display-name $DNS_SA_NAME
# assign google service account to dns.admin role in cloud-dns project
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:$DNS_SA_EMAIL --role "roles/dns.admin"
```
- Create a Service Account Secret
```sh
# download static credentials
gcloud iam service-accounts keys create $DNS_SA_NAME-credentials.json \
--iam-account $DNS_SA_EMAIL
```
cloudflare:
description: |
## Cloudflare
To use Cloudflare as your DNS provider, you need to create a API Token some specified permissions.
Tokens can be created at `User Profile` > `API Tokens` > `API Tokens`. The following settings are recommended:
- Permissions:
- `Zone` - `DNS` - `Edit`
- `Zone` - `Zone` - `Read`
- Zone Resources:
- `Include` - `All zones` </br>
or
- `Include` - `Specific zone` - `Your desired zone`
route53:
description: |
## Route53
To use Route53 as your DNS provider, you need to run the following commands and provide us the generated `AccessKeyID` and `SecretAccessKey`.
- Create a policy
```sh
echo '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "route53:GetChange",
"Resource": "arn:aws:route53:::change/*"
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": "arn:aws:route53:::hostedzone/*"
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource"
],
"Resource": "*"
}
]
}' > route53-policy.json
```
```sh
aws iam create-policy --policy-name route53-policy --policy-document file://route53-policy.json
POLICY_ARN=$(aws iam list-policies --query 'Policies[?PolicyName==`route53-policy`].Arn' --output text)
```
- Create a user and attach this policy to that user
```sh
aws iam create-user --user-name "route53"
aws iam attach-user-policy --user-name "route53" --policy-arn $POLICY_ARN
```
- Create Access Token for the user
```sh
aws iam create-access-key --user-name "route53"
```
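Review bot: The Route53 description's first policy statement grants `route53:ChangeResourceRecordSets` and `route53:ListResourceRecordSets` on `arn:aws:route53:::hostedzone/*`, i.e. record write access to every hosted zone in the account, and the text then asks the user to create a long-lived IAM user access key with that policy and "provide us" the secret; since this file is now the user-facing help text, it should at least present the zone-scoped form as the recommended one, `"Resource": "arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>"`, with `hostedzone/*` as the fallback, mirroring what the Cloudflare section already does with "Specific zone - Your desired zone". The text was carried over verbatim from the Go comments, so the wording defects came with it: `create a API Token some specified permissions` should read `create an API Token with specific permissions`, and `</br>` is not a valid line break in Markdown or HTML (`<br>` or a blank line). The hunk is the whole new file.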
