feat: copy secret to argo

linode · Oct 30, 2023 · bedd3ad · bedd3ad
1 parent e47d4f3
commit bedd3ad
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 7 deletions.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -1,6 +1,7 @@
 {
   "version": "0.2.0",
   "configurations": [
+
     {
       "type": "node",
       "request": "attach",
@@ -64,6 +65,16 @@
         "NODE_EXTRA_CA_CERTS": "${workspaceFolder}/.env.ca"
       }
     },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Debug operator",
+      "runtimeExecutable": "npm",
+      "runtimeArgs": ["run-script", "operator:secrets-dev"],
+      "cwd": "${workspaceRoot}",
+      "console": "integratedTerminal",
+      "envFile": "${workspaceFolder}/.env",
+    },
     {
       "type": "node",
       "request": "launch",

diff --git a/package.json b/package.json
@@ -137,6 +137,7 @@
     "tasks:otomi-chart": "node dist/tasks/otomi/otomi-chart.js",
     "tasks:wait-for-dev": "NODE_TLS_REJECT_UNAUTHORIZED=0 ts-node-dev ./src/tasks/otomi/wait-for.ts",
     "tasks:wait-for": "node dist/tasks/otomi/wait-for.js",
+    "operator:secrets-dev": "NODE_TLS_REJECT_UNAUTHORIZED=0 ts-node-dev ./src/operator/secrets.ts",
     "test": "NODE_ENV=test mocha -r ts-node/register -r ts-custom-error --exit src/**/*.test.*"
   },
   "standard-version": {

diff --git a/src/operator/secrets.ts b/src/operator/secrets.ts
@@ -1,15 +1,69 @@
-import Operator, { ResourceEvent } from '@dot-i/k8s-operator'
-import { KubeConfig, Watch } from '@kubernetes/client-node'
+import Operator, { ResourceEvent, ResourceEventType } from '@dot-i/k8s-operator'
+import { KubernetesObject } from '@dot-i/k8s-operator/node_modules/@kubernetes/client-node/dist'
+import * as k8s from '@kubernetes/client-node'
+import { KubeConfig } from '@kubernetes/client-node'
 
-const teamNamespace = []
+interface CustomKubernetesObject extends KubernetesObject {
+  type: string
+}
 
+const kc = new KubeConfig()
+kc.loadFromDefault()
+const k8sApi = kc.makeApiClient(k8s.CoreV1Api)
+const teamNamespace: string[] = []
 const watchTeamSecrets = async (event: ResourceEvent) => {
+  // console.debug('WATCH TEAMSECRETS', event)
+  const secrets = await k8sApi.listSecretForAllNamespaces()
   // Filter by secret type TLS, and Dockerconfig
 }
-const watchNamespaces = async (event: ResourceEvent) => {}
-
+const watchNamespaces = async (event: ResourceEvent) => {
+  // console.debug('WATCH NAMESPACES', event)
+  if (event.meta.name.includes('team')) {
+    teamNamespace.push(event.meta.namespace!)
+  }
+  const secrets = await k8sApi.listSecretForAllNamespaces()
+}
 export default class MyOperator extends Operator {
   protected async init() {
+    console.debug('Before watch resource')
+    await this.watchResource('', 'v1', 'secrets', async (e) => {
+      const { object } = e
+      const { metadata, type } = object as CustomKubernetesObject
+      if (metadata && !metadata.namespace?.startsWith('team-')) return
+      if (type !== 'kubernetes.io/dockerconfigjson') return
+      console.debug('------------')
+      console.debug('TEAM SECRETS: ', metadata?.name)
+      console.debug('EVENT-TYPE: ', e.type)
+      switch (e.type) {
+        case ResourceEventType.Added: {
+          console.debug('ResourceEventType.Added')
+          const simpleSecret = new k8s.V1Secret()
+          simpleSecret.metadata = { name: `copy-${metadata?.namespace}-${metadata?.name}`, namespace: 'argocd' }
+          simpleSecret.type = 'kubernetes.io/dockerconfigjson'
+          // eslint-disable-next-line no-useless-catch
+          try {
+            simpleSecret.data = (await k8sApi.readNamespacedSecret(metadata!.name!, metadata!.namespace!)).body.data
+            await k8sApi.createNamespacedSecret('argocd', simpleSecret)
+            console.debug(simpleSecret.metadata.name)
+          } catch (err) {
+            console.debug('ERROR', err)
+            console.debug(
+              `Secret '${simpleSecret.metadata.name}' already exists in namespace '${simpleSecret.metadata.namespace}'`,
+            )
+          }
+          // do something useful here
+          break
+        }
+        case ResourceEventType.Modified:
+          // do something useful here
+          break
+        case ResourceEventType.Deleted:
+          // do something useful here
+          break
+        default:
+          break
+      }
+    })
     await this.watchResource('', 'v1', 'namespaces', watchNamespaces)
     teamNamespace.forEach((namespace) => {
       this.watchResource('', 'v1', 'secrets', watchTeamSecrets, namespace)
@@ -32,6 +86,4 @@ async function main(): Promise<void> {
 
 if (typeof require !== 'undefined' && require.main === module) {
   main()
-  const watch = new Watch(new KubeConfig())
-  watch.watch()
 }