Patch ace options schema to fix dns provider help text #238

Merged
merged 1 commit into from
Oct 25, 2023
23 changes: 6 additions & 17 deletions Makefile
@@ -173,22 +173,11 @@ gen-crds:
paths="./apis/..." \
output:crd:artifacts:config=.crds

crds_to_patch :=

.PHONY: patch-crds
patch-crds: $(addprefix patch-crd-, $(crds_to_patch))
patch-crd-%: $(BUILD_DIRS)
@echo "patching $*"
@kubectl patch -f .crds/$* -p "$$(cat hack/crd-patch.json)" --type=json --local=true -o yaml > bin/$*
@mv bin/$* .crds/$*

.PHONY: label-crds
label-crds: $(BUILD_DIRS)
@for f in .crds/*.yaml; do \
echo "applying app.kubernetes.io/name=bytebuilders label to $$f"; \
kubectl label --overwrite -f $$f --local=true -o yaml app.kubernetes.io/name=bytebuilders > bin/crd.yaml; \
mv bin/crd.yaml $$f; \
done
.PHONY: patch-schema
patch-schema:
@# https://github.com/kislyuk/yq
@yq -s '.[0] * .[1]' ./schema/ace-options/values.openapiv3_schema.yaml ./schema/ace-options/patch.yaml -y > ./schema/ace-options/final.yaml
@mv ./schema/ace-options/final.yaml ./schema/ace-options/values.openapiv3_schema.yaml

.PHONY: gen-values-schema
gen-values-schema: $(BUILD_DIRS)
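Review bot: the new `patch-schema` recipe only works with the kislyuk `yq` named in the comment (a jq wrapper: the `-s` slurp flag, the jq merge expression `.[0] * .[1]` and `-y` for YAML output are all jq-style), while the more widely installed mikefarah `yq` binary of the same name has an incompatible CLI and will either error out or write something other than a merged schema into `final.yaml`; a URL in a comment is not a guard, so add an explicit tool check or pin the tool the way the other generators are pinned, and consider failing the recipe if `final.yaml` comes out empty before the `mv` overwrites `values.openapiv3_schema.yaml`. Removing the dead `patch-crds`/`label-crds` targets is reasonable given `crds_to_patch :=` was empty, but confirm no CI job or script still calls `make label-crds`.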
@@ -234,7 +223,7 @@ gen-chart-doc-%:
chart-doc-gen -d ./charts/$*/doc.yaml -v ./charts/$*/values.yaml > ./charts/$*/README.md

.PHONY: manifests
manifests: gen-crds gen-schema gen-chart-doc
manifests: gen-crds gen-schema patch-schema gen-chart-doc

.PHONY: gen
gen: codegen manifests
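Review bot: `manifests: gen-crds gen-schema patch-schema gen-chart-doc` relies on left-to-right prerequisite order to run the patch after `gen-schema` has regenerated `values.openapiv3_schema.yaml`; under `make -j` those prerequisites may run concurrently, and `patch-schema` can then merge into a stale or half-written file and be overwritten a moment later. Declare the dependency on the target itself (`patch-schema: gen-schema`) so the ordering holds regardless of how `manifests` is invoked.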
131 changes: 7 additions & 124 deletions apis/installer/v1alpha1/ace_ace_types.go
@@ -276,133 +276,16 @@ type InfraDns struct {
}

type DNSProviderAuth struct {
/*
## Cloudflare

To use Cloudflare as your DNS provider, you need to create a API Token some specified permissions.

Tokens can be created at `User Profile` > `API Tokens` > `API Tokens`. The following settings are recommended:
- Permissions:
- `Zone` - `DNS` - `Edit`
- `Zone` - `Zone` - `Read`
- Zone Resources:
- `Include` - `All zones` </br>
or
- `Include` - `Specific zone` - `Your desired zone`
*/
// WARNING!!! Update docs in schema/ace-options/patch.yaml
Cloudflare *CloudflareAuth `json:"cloudflare,omitempty"`
/*
## Route53

To use Route53 as your DNS provider, you need to run the following commands and provide us the generated `AccessKeyID` and `SecretAccessKey`.
- Create a policy
```sh
echo '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "route53:GetChange",
"Resource": "arn:aws:route53:::change/*"
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": "arn:aws:route53:::hostedzone/*"
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource"
],
"Resource": "*"
}
]
}' > route53-policy.json
```
```sh
aws iam create-policy --policy-name route53-policy --policy-document file://route53-policy.json

POLICY_ARN=$(aws iam list-policies --query 'Policies[?PolicyName==`route53-policy`].Arn' --output text)
```
- Create a user and attach this policy to that user
```sh
aws iam create-user --user-name "route53"
aws iam attach-user-policy --user-name "route53" --policy-arn $POLICY_ARN
```
- Create Access Token for the user
```sh
aws iam create-access-key --user-name "route53"
```
*/

// WARNING!!! Update docs in schema/ace-options/patch.yaml
Route53 *Route53Auth `json:"route53,omitempty"`
/*
## Google CloudDNS

To use Google CloudDNS as your DNS provider, you need to create a GCP service account with the dns.admin role.

- Set Project id, service account name
```sh
# Set the project ID where you registered your Domain
PROJECT_ID="myproject-id"
DNS_SA_NAME="clouddns-sa"
DNS_SA_EMAIL="$DNS_SA_NAME@${PROJECT_ID}.iam.gserviceaccount.com"
```
- Create Service account and Assign permission
```sh
gcloud iam service-accounts create $DNS_SA_NAME --display-name $DNS_SA_NAME

# assign google service account to dns.admin role in cloud-dns project
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:$DNS_SA_EMAIL --role "roles/dns.admin"
```
- Create a Service Account Secret
```sh
# download static credentials
gcloud iam service-accounts keys create $DNS_SA_NAME-credentials.json \
--iam-account $DNS_SA_EMAIL
```
*/

// WARNING!!! Update docs in schema/ace-options/patch.yaml
CloudDNS *CloudDNSAuth `json:"cloudDNS,omitempty"`
/*
## AzureDNS

To use AzureDNS as your DNS provider, run the following commands
- Set the following ENVs with the preferred `Service Principal`, `Resource Group` and `DNS Zone`
```sh
NEW_SERVICE_PRINCIPAL_NAME=azuredns-sp
DNS_ZONE=<your-preferred-domain> # DNS_ZONE=appscode.com
# Resource Group where you created the zone
DNS_ZONE_RESOURCE_GROUP=<resource-group-name>
```
- Create a Service Principal RBAC
```sh
DNS_SP=$(az ad sp create-for-rbac --name $NEW_SERVICE_PRINCIPAL_NAME)
```
- Assign required roles for the Service Principal
```sh
SERVICE_PRINCIPAL_APP_ID=$(echo $DNS_SP | jq -r '.appId')
DNS_ID=$(az network dns zone show --name $DNS_ZONE --resource-group $DNS_ZONE_RESOURCE_GROUP --query "id" --output tsv)

az role assignment create --assignee $SERVICE_PRINCIPAL_APP_ID --role "DNS Zone Contributor" --scope $DNS_ID
az role assignment create --assignee $SERVICE_PRINCIPAL_APP_ID --role "Reader" --scope $DNS_ID
```
- Print and provide us the following data
```sh
echo "SERVICE_PRINCIPAL_APP_ID: $(echo $DNS_SP | jq -r '.appId')"
echo "SERVICE_PRINCIPAL_APP_PASSWORD: $(echo $DNS_SP | jq -r '.password')"
echo "SUBSCRIPTION_ID: $(az account show | jq -r '.id')"
echo "TENANT_ID: $(echo $DNS_SP | jq -r '.tenant')"
echo "DNS_ZONE: $DNS_ZONE"
echo "DNS_ZONE_RESOURCE_GROUP: $DNS_ZONE_RESOURCE_GROUP"
```
*/

// WARNING!!! Update docs in schema/ace-options/patch.yaml
AzureDNS *AzureDNSAuth `json:"azureDNS,omitempty"`
}
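Review bot: each `// WARNING!!! Update docs in schema/ace-options/patch.yaml` now sits directly above its field, which makes it the field's Go doc comment, and controller-gen (run over `./apis/...` by `gen-crds`) emits field doc comments as the OpenAPI `description`; `patch-schema` overrides that text for the Helm values schema, but the CRDs written to `.crds/` are not patched and will ship `WARNING!!! Update docs in ...` as the user-visible description of `cloudflare`, `route53`, `cloudDNS` and `azureDNS`. Separate the note from the field with a blank line (or move it to the top of `DNSProviderAuth`) so it is a plain comment rather than godoc, and add one line saying why the provider docs moved out of Go comments into `patch.yaml`, since the hunk itself does not record the reason.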

131 changes: 131 additions & 0 deletions schema/ace-options/patch.yaml
@@ -0,0 +1,131 @@
properties:
infra:
properties:
dns:
properties:
auth:
properties:
azureDNS:
description: |
## AzureDNS

To use AzureDNS as your DNS provider, run the following commands
- Set the following ENVs with the preferred `Service Principal`, `Resource Group` and `DNS Zone`
```sh
NEW_SERVICE_PRINCIPAL_NAME=azuredns-sp
DNS_ZONE=<your-preferred-domain> # DNS_ZONE=appscode.com
# Resource Group where you created the zone
DNS_ZONE_RESOURCE_GROUP=<resource-group-name>
```
- Create a Service Principal RBAC
```sh
DNS_SP=$(az ad sp create-for-rbac --name $NEW_SERVICE_PRINCIPAL_NAME)
```
- Assign required roles for the Service Principal
```sh
SERVICE_PRINCIPAL_APP_ID=$(echo $DNS_SP | jq -r '.appId')
DNS_ID=$(az network dns zone show --name $DNS_ZONE --resource-group $DNS_ZONE_RESOURCE_GROUP --query "id" --output tsv)

az role assignment create --assignee $SERVICE_PRINCIPAL_APP_ID --role "DNS Zone Contributor" --scope $DNS_ID
az role assignment create --assignee $SERVICE_PRINCIPAL_APP_ID --role "Reader" --scope $DNS_ID
```
- Print and provide us the following data
```sh
echo "SERVICE_PRINCIPAL_APP_ID: $(echo $DNS_SP | jq -r '.appId')"
echo "SERVICE_PRINCIPAL_APP_PASSWORD: $(echo $DNS_SP | jq -r '.password')"
echo "SUBSCRIPTION_ID: $(az account show | jq -r '.id')"
echo "TENANT_ID: $(echo $DNS_SP | jq -r '.tenant')"
echo "DNS_ZONE: $DNS_ZONE"
echo "DNS_ZONE_RESOURCE_GROUP: $DNS_ZONE_RESOURCE_GROUP"
```
cloudDNS:
description: |
## Google CloudDNS

To use Google CloudDNS as your DNS provider, you need to create a GCP service account with the dns.admin role.

- Set Project id, service account name
```sh
# Set the project ID where you registered your Domain
PROJECT_ID="myproject-id"
DNS_SA_NAME="clouddns-sa"
DNS_SA_EMAIL="$DNS_SA_NAME@${PROJECT_ID}.iam.gserviceaccount.com"
```
- Create Service account and Assign permission
```sh
gcloud iam service-accounts create $DNS_SA_NAME --display-name $DNS_SA_NAME

# assign google service account to dns.admin role in cloud-dns project
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:$DNS_SA_EMAIL --role "roles/dns.admin"
```
- Create a Service Account Secret
```sh
# download static credentials
gcloud iam service-accounts keys create $DNS_SA_NAME-credentials.json \
--iam-account $DNS_SA_EMAIL
```
cloudflare:
description: |
## Cloudflare

To use Cloudflare as your DNS provider, you need to create a API Token some specified permissions.

Tokens can be created at `User Profile` > `API Tokens` > `API Tokens`. The following settings are recommended:
- Permissions:
- `Zone` - `DNS` - `Edit`
- `Zone` - `Zone` - `Read`
- Zone Resources:
- `Include` - `All zones` </br>
or
- `Include` - `Specific zone` - `Your desired zone`
route53:
description: |
## Route53

To use Route53 as your DNS provider, you need to run the following commands and provide us the generated `AccessKeyID` and `SecretAccessKey`.
- Create a policy
```sh
echo '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "route53:GetChange",
"Resource": "arn:aws:route53:::change/*"
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": "arn:aws:route53:::hostedzone/*"
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource"
],
"Resource": "*"
}
]
}' > route53-policy.json
```
```sh
aws iam create-policy --policy-name route53-policy --policy-document file://route53-policy.json

POLICY_ARN=$(aws iam list-policies --query 'Policies[?PolicyName==`route53-policy`].Arn' --output text)
```
- Create a user and attach this policy to that user
```sh
aws iam create-user --user-name "route53"
aws iam attach-user-policy --user-name "route53" --policy-arn $POLICY_ARN
```
- Create Access Token for the user
```sh
aws iam create-access-key --user-name "route53"
```
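Review bot: the Route53 policy in the `route53` description lists `route53:ListResourceRecordSets` twice (once under `arn:aws:route53:::hostedzone/*`, again under `"Resource": "*"`), and it grants `route53:ChangeResourceRecordSets` on every hosted zone in the account; when the zone is known, scope the write statement to `arn:aws:route53:::hostedzone/<ZONE_ID>`, mirroring what the `azureDNS` section already does with `--scope $DNS_ID`. In that Azure section, `az ad sp create-for-rbac --name $NEW_SERVICE_PRINCIPAL_NAME` is called without `--role`/`--scopes`; older Azure CLI releases add a subscription-wide Contributor assignment by default on top of the two zone-scoped roles assigned afterwards, and newer ones add none, so pass `--role "DNS Zone Contributor" --scopes $DNS_ID` explicitly to get the same least-privilege result on either version. The `cloudDNS` steps bind `roles/dns.admin` project-wide and download a long-lived key; that matches the other providers, but the text should say the JSON key is a secret to be stored and rotated like one. Wording: "create a API Token some specified permissions" should read "create an API Token with the following permissions", and `</br>` is not valid HTML (use `<br/>` or a blank line).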