From 73ee7ddca7484b2008cefb8ef70b599f95babd4e Mon Sep 17 00:00:00 2001 From: gifrerenom <lluis.gifre@cttc.es> Date: Thu, 26 Jan 2023 15:56:45 +0000 Subject: [PATCH] Deploy scripts: - moved creation of secrets from crdb.sh and nats.sh to tfs.sh for safety reasons --- deploy/crdb.sh | 38 -------------------------------------- deploy/nats.sh | 20 ++------------------ deploy/tfs.sh | 34 ++++++++++++++++++++++++++++++++++ my_deploy.sh | 19 ++++++------------- 4 files changed, 42 insertions(+), 69 deletions(-) diff --git a/deploy/crdb.sh b/deploy/crdb.sh index ecec39101..76aa07370 100755 --- a/deploy/crdb.sh +++ b/deploy/crdb.sh @@ -30,12 +30,6 @@ export CRDB_PASSWORD=${CRDB_PASSWORD:-"tfs123"} # If not already set, set the database name to be used by Context. export CRDB_DATABASE=${CRDB_DATABASE:-"tfs"} -# If not already set, set the name of the secret where CockroachDB data and credentials will be stored. -export CRDB_SECRET_NAME=${CRDB_SECRET_NAME:-"crdb-data"} - -# If not already set, set the namespace where the secret containing CockroachDB data and credentials will be stored. -export CRDB_SECRET_NAMESPACE=${CRDB_SECRET_NAMESPACE:-"tfs"} - # If not already set, set CockroachDB installation mode. Accepted values are: 'single' and 'cluster'. # "YES", the database pointed by variable CRDB_NAMESPACE will be dropped while # checking/deploying CockroachDB. 
@@ -138,25 +132,9 @@ function crdb_deploy_single() { PATCH='{"spec": {"template": {"spec": {"containers": ['${CONTAINER}']}}}}' kubectl patch daemonset nginx-ingress-microk8s-controller --namespace ingress --patch "${PATCH}" echo - - echo "Create secret with CockroachDB data" - kubectl create secret generic ${CRDB_SECRET_NAME} --namespace ${CRDB_SECRET_NAMESPACE} --type='Opaque' \ - --from-literal=CRDB_NAMESPACE=${CRDB_NAMESPACE} \ - --from-literal=CRDB_SQL_PORT=${CRDB_SQL_PORT} \ - --from-literal=CRDB_GUI_PORT=${CRDB_GUI_PORT} \ - --from-literal=CRDB_DATABASE=${CRDB_DATABASE} \ - --from-literal=CRDB_USERNAME=${CRDB_USERNAME} \ - --from-literal=CRDB_PASSWORD="'"${CRDB_PASSWORD}"'" \ - --from-literal=CRDB_SSLMODE=require - - kubectl get all --all-namespaces } function crdb_undeploy_single() { - echo "Delete secret with CockroachDB data" - kubectl delete secret ${CRDB_SECRET_NAME} --namespace ${CRDB_SECRET_NAMESPACE} --ignore-not-found - echo - echo "CockroachDB" echo ">>> Checking if CockroachDB is deployed..." if kubectl get --namespace ${CRDB_NAMESPACE} statefulset/cockroachdb &> /dev/null; then 
@@ -307,25 +285,9 @@ function crdb_deploy_cluster() { PATCH='{"spec": {"template": {"spec": {"containers": ['${CONTAINER}']}}}}' kubectl patch daemonset nginx-ingress-microk8s-controller --namespace ingress --patch "${PATCH}" echo - - echo "Create secret with CockroachDB data" - kubectl create secret generic ${CRDB_SECRET_NAME} --namespace ${CRDB_SECRET_NAMESPACE} --type='Opaque' \ - --from-literal=CRDB_NAMESPACE=${CRDB_NAMESPACE} \ - --from-literal=CRDB_SQL_PORT=${CRDB_SQL_PORT} \ - --from-literal=CRDB_GUI_PORT=${CRDB_GUI_PORT} \ - --from-literal=CRDB_DATABASE=${CRDB_DATABASE} \ - --from-literal=CRDB_USERNAME=${CRDB_USERNAME} \ - --from-literal=CRDB_PASSWORD="'"${CRDB_PASSWORD}"'" \ - --from-literal=CRDB_SSLMODE=require - - kubectl get all --all-namespaces } function crdb_undeploy_cluster() { - echo "Delete secret with CockroachDB data" - kubectl delete secret ${CRDB_SECRET_NAME} --namespace ${CRDB_SECRET_NAMESPACE} --ignore-not-found - echo - echo "CockroachDB Client" echo ">>> Checking if CockroachDB Client is deployed..." if kubectl get --namespace ${CRDB_NAMESPACE} pod/cockroachdb-client-secure &> /dev/null; then diff --git a/deploy/nats.sh b/deploy/nats.sh index 757b0984f..544028996 100755 --- a/deploy/nats.sh +++ b/deploy/nats.sh @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. + ######################################################################################################################## # Read deployment settings ######################################################################################################################## 
@@ -20,17 +21,12 @@ # If not already set, set the namespace where NATS will be deployed. export NATS_NAMESPACE=${NATS_NAMESPACE:-"nats"} -# If not already set, set the name of the secret where NATS data and credentials will be stored. -export NATS_SECRET_NAME=${NATS_SECRET_NAME:-"nats-data"} - -# If not already set, set the namespace where the secret containing NATS data and credentials will be stored. -export NATS_SECRET_NAMESPACE=${NATS_SECRET_NAMESPACE:-"tfs"} - # If not already set, disable flag for re-deploying NATS from scratch. # WARNING: ACTIVATING THIS FLAG IMPLIES LOOSING THE MESSAGE BROKER INFORMATION! # If NATS_REDEPLOY is "YES", the message broker will be dropped while checking/deploying NATS. export NATS_REDEPLOY=${NATS_REDEPLOY:-""} + ######################################################################################################################## # Automated steps start here ######################################################################################################################## @@ -106,21 +102,9 @@ function nats_deploy_single() { PATCH='{"spec": {"template": {"spec": {"containers": ['${CONTAINER}']}}}}' kubectl patch daemonset nginx-ingress-microk8s-controller --namespace ingress --patch "${PATCH}" echo - - echo "Create secret with NATS data" - kubectl create secret generic ${NATS_SECRET_NAME} --namespace ${NATS_SECRET_NAMESPACE} --type='Opaque' \ - --from-literal=NATS_NAMESPACE=${NATS_NAMESPACE} \ - --from-literal=NATS_CLIENT_PORT=${NATS_CLIENT_PORT} \ - --from-literal=NATS_GUI_PORT=${NATS_GUI_PORT} - - kubectl get all --all-namespaces } function nats_undeploy_single() { - echo "Delete secret with NATS data" - kubectl delete secret ${NATS_SECRET_NAME} --namespace ${NATS_SECRET_NAMESPACE} --ignore-not-found - echo - echo "NATS" echo ">>> Checking if NATS is deployed..." if kubectl get --namespace ${NATS_NAMESPACE} statefulset/nats &> /dev/null; then diff --git a/deploy/tfs.sh b/deploy/tfs.sh index efa4875c6..8b172b0fc 100755 
--- a/deploy/tfs.sh +++ b/deploy/tfs.sh @@ -42,6 +42,22 @@ export TFS_GRAFANA_PASSWORD=${TFS_GRAFANA_PASSWORD:-"admin123+"} # If TFS_SKIP_BUILD is "YES", the containers are not rebuilt-retagged-repushed and existing ones are used. export TFS_SKIP_BUILD=${TFS_SKIP_BUILD:-""} +# If not already set, set the namespace where CockroackDB will be deployed. +export CRDB_NAMESPACE=${CRDB_NAMESPACE:-"crdb"} + +# If not already set, set the database username to be used by Context. +export CRDB_USERNAME=${CRDB_USERNAME:-"tfs"} + +# If not already set, set the database user's password to be used by Context. +export CRDB_PASSWORD=${CRDB_PASSWORD:-"tfs123"} + +# If not already set, set the database name to be used by Context. +export CRDB_DATABASE=${CRDB_DATABASE:-"tfs"} + +# If not already set, set the namespace where NATS will be deployed. +export NATS_NAMESPACE=${NATS_NAMESPACE:-"nats"} + + ######################################################################################################################## # Automated steps start here ######################################################################################################################## 
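Review bot: The added `export CRDB_PASSWORD=${CRDB_PASSWORD:-"tfs123"}` gives deploy/tfs.sh a built-in database password, so a run without the variable set silently stores a publicly known credential in the `crdb-data` secret that this file creates further down. deploy/crdb.sh keeps its own copy of the same fallback, so the two defaults can drift apart and leave the secret out of step with the password the database was actually deployed with. I would fail fast for the credential, e.g. `export CRDB_PASSWORD=${CRDB_PASSWORD:?CRDB_PASSWORD must be set}`, and keep `:-` defaults only for the non-secret values such as the namespaces and database name. The new comment above `CRDB_NAMESPACE` also misspells the product name as `CockroackDB`.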
@@ -61,6 +77,24 @@ kubectl delete namespace $TFS_K8S_NAMESPACE kubectl create namespace $TFS_K8S_NAMESPACE printf "\n" +echo "Create secret with CockroachDB data" +CRDB_SQL_PORT=$(kubectl --namespace ${CRDB_NAMESPACE} get service cockroachdb-public -o 'jsonpath={.spec.ports[?(@.name=="sql")].port}') +kubectl create secret generic crdb-data --namespace ${TFS_K8S_NAMESPACE} --type='Opaque' \ + --from-literal=CRDB_NAMESPACE=${CRDB_NAMESPACE} \ + --from-literal=CRDB_SQL_PORT=${CRDB_SQL_PORT} \ + --from-literal=CRDB_DATABASE=${CRDB_DATABASE} \ + --from-literal=CRDB_USERNAME=${CRDB_USERNAME} \ + --from-literal=CRDB_PASSWORD="'"${CRDB_PASSWORD}"'" \ + --from-literal=CRDB_SSLMODE=require +printf "\n" + +echo "Create secret with NATS data" +NATS_CLIENT_PORT=$(kubectl --namespace ${NATS_NAMESPACE} get service nats -o 'jsonpath={.spec.ports[?(@.name=="client")].port}') +kubectl create secret generic nats-data --namespace ${TFS_K8S_NAMESPACE} --type='Opaque' \ + --from-literal=NATS_NAMESPACE=${NATS_NAMESPACE} \ + --from-literal=NATS_CLIENT_PORT=${NATS_CLIENT_PORT} +printf "\n" + echo "Deploying components and collecting environment variables..." ENV_VARS_SCRIPT=tfs_runtime_env_vars.sh echo "# Environment variables for TeraFlowSDN deployment" > $ENV_VARS_SCRIPT diff --git a/my_deploy.sh b/my_deploy.sh index 41dce9bd5..8795f9e81 100644 --- a/my_deploy.sh +++ b/my_deploy.sh @@ -13,6 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. + +# ----- TeraFlowSDN ------------------------------------------------------------ + # Set the URL of the internal MicroK8s Docker registry where the images will be uploaded to. export TFS_REGISTRY_IMAGES=${TFS_REGISTRY_IMAGES:-"http://localhost:32000/tfs/"} 
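Review bot: In the deploy/tfs.sh hunk that creates `crdb-data` and `nats-data`, the results of the two `kubectl ... get service` lookups are used unchecked, so if CockroachDB or NATS is not deployed, or the named port is absent, the secret is created with an empty `CRDB_SQL_PORT` or `NATS_CLIENT_PORT` and the failure only surfaces later in the components. The `${...}` expansions in the `--from-literal` arguments are also unquoted, so a password containing whitespace or glob characters is split or expanded before kubectl sees it; `--from-literal=CRDB_PASSWORD="'${CRDB_PASSWORD}'"` keeps the stored value identical while quoting it. Passing the password through `--from-literal` also puts it on the kubectl command line, where process listings and `set -x` traces can show it, which matters on a shared deployment host. A guarded version of the lookups is sketched below; whether the script already runs under `set -e` is not visible from this hunk.

```shell
CRDB_SQL_PORT=$(kubectl --namespace "${CRDB_NAMESPACE}" get service cockroachdb-public \
    -o 'jsonpath={.spec.ports[?(@.name=="sql")].port}')
if [ -z "${CRDB_SQL_PORT}" ]; then
    echo "ERROR: cannot resolve the CockroachDB SQL port in namespace ${CRDB_NAMESPACE}" >&2
    exit 1
fi
# ... unchanged: kubectl create secret generic crdb-data ...

NATS_CLIENT_PORT=$(kubectl --namespace "${NATS_NAMESPACE}" get service nats \
    -o 'jsonpath={.spec.ports[?(@.name=="client")].port}')
if [ -z "${NATS_CLIENT_PORT}" ]; then
    echo "ERROR: cannot resolve the NATS client port in namespace ${NATS_NAMESPACE}" >&2
    exit 1
fi
# ... unchanged: kubectl create secret generic nats-data ...
```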
@@ -34,6 +37,7 @@ export TFS_GRAFANA_PASSWORD="admin123+" # Disable skip-build flag to rebuild the Docker images. export TFS_SKIP_BUILD="" +# ----- CockroachDB ------------------------------------------------------------ # Set the namespace where CockroackDB will be deployed. export CRDB_NAMESPACE="crdb" @@ -46,12 +50,6 @@ export CRDB_PASSWORD="tfs123" # Set the database name to be used by Context. export CRDB_DATABASE="tfs" -# Set the name of the secret where CockroachDB data and credentials will be stored. -export CRDB_SECRET_NAME="crdb-data" - -# Set the namespace where the secret containing CockroachDB data and credentials will be stored. -export CRDB_SECRET_NAMESPACE=${TFS_K8S_NAMESPACE} - # Set CockroachDB installation mode to 'single'. This option is convenient for development and testing. # See ./deploy/all.sh or ./deploy/crdb.sh for additional details export CRDB_DEPLOY_MODE="single" @@ -62,14 +60,9 @@ export CRDB_DROP_DATABASE_IF_EXISTS="" # Disable flag for re-deploying CockroachDB from scratch. export CRDB_REDEPLOY="" +# ----- NATS ------------------------------------------------------------------- # Set the namespace where NATS will be deployed. export NATS_NAMESPACE="nats" -# Set the name of the secret where NATS data and credentials will be stored. -export NATS_SECRET_NAME="nats-data" - -# Set the namespace where the secret containing NATS data and credentials will be stored. -export NATS_SECRET_NAMESPACE=${TFS_K8S_NAMESPACE} - # Disable flag for re-deploying NATS from scratch. -export NATS_REDEPLOY=${NATS_REDEPLOY:-""} +export NATS_REDEPLOY="" -- GitLab