seira 0.1.0

data/lib/seira/redis.rb

@@ -0,0 +1,123 @@
+require 'json'
+require 'base64'
+
+module Seira
+  class Redis
+    VALID_ACTIONS = %w[list status credentials create delete].freeze
+
+    attr_reader :app, :action, :args, :context
+
+    def initialize(app:, action:, args:, context:)
+      @app = app
+      @action = action
+      @args = args
+      @context = context
+    end
+
+    # TODO: logs, upgrades?, backups, restores, CLI connection
+    def run
+      case action
+      when 'list'
+        run_list
+      when 'status'
+        run_status
+      when 'credentials'
+        run_credentials
+      when 'create'
+        run_create
+      when 'delete'
+        run_delete
+      else
+        fail "Unknown command encountered"
+      end
+    end
+
+    private
+
+    def run_list
+      list = `helm list`.split("\n")
+      filtered_list = list.select { |item| item.start_with?("#{app}-redis") }
+      filtered_list.each do |item|
+        puts item
+      end
+    end
+
+    def run_status
+      puts `helm status #{app}-redis-#{args[0]}`
+    end
+
+    def run_create
+      # Fairly beefy default compute because it's cheap and the longer we can defer upgrading the
+      # better. Go even higher for production apps.
+      # TODO: Enable metrics
+      values = {
+        persistence: {
+          size: '32Gi'
+        },
+        resources: {
+          requests: {
+            cpu: '2', # roughly 2 vCPU in both AWS and GCP terms
+            memory: '8Gi' # redis is in-memory - give it a lot
+          }
+        }
+      }
+
+      args.each do |arg|
+        puts "Applying arg #{arg} to values"
+        if arg.start_with?('--memory=')
+          values[:resources][:requests][:memory] = arg.split('=')[1]
+        elsif arg.start_with?('--volume=')
+          values[:persistence][:volume] = arg.split('=')[1]
+        elsif arg.start_with?('--cpu=')
+          values[:resources][:requests][:cpu] = arg.split('=')[1]
+        elsif arg.start_with?('--size=')
+          size = arg.split('=')[1]
+          case size
+          when '1'
+            values[:resources][:requests][:memory] = '100Mi' # 100mb
+            values[:persistence][:size] = '5Gi'
+            values[:resources][:requests][:cpu] = '100m' # .1 cpu
+          else
+            fail "There is no size option '#{size}'"
+          end
+        end
+      end
+
+      file_name = write_config(values)
+      unique_name = "#{Seira::Random.color}-#{Seira::Random.animal}"
+      name = "#{app}-#{unique_name}"
+      puts `helm install --namespace #{app} --name #{name} --wait -f #{file_name} stable/redis`
+
+      File.delete(file_name)
+
+      puts "To get status: 'seira #{context[:cluster]} #{app} redis status #{unique_name}'"
+      puts "To get credentials for storing in app secrets: 'seira #{context[:cluster]} #{app} redis credentials #{unique_name}'"
+      puts "Service URI for this Redis instance: 'redis://:<password goes here>@#{name}-redis:6379/0'."
+    end
+
+    def run_delete
+      to_delete = "#{app}-#{args[0]}"
+
+      exit(1) unless HighLine.agree("Are you sure you want to delete #{to_delete}? If any apps are using this redis instance, they will break.")
+
+      if system("helm delete #{to_delete}")
+        puts "Successfully deleted #{to_delete}. Mistake and seeing errors now? You can rollback easily. Below is last 5 revisions of the now deleted resource."
+        history = `helm history --max 5 #{to_delete}`
+        puts history
+        last_revision = history.split("\n").last.split(" ").map(&:strip)[0]
+        puts "helm rollback #{to_delete} #{last_revision}"
+        puts "Docs: https://github.com/kubernetes/helm/blob/master/docs/helm/helm_rollback.md"
+      else
+        puts "Delete failed"
+      end
+    end
+
+    def write_config(values)
+      file_name = "tmp/temp-redis-config-#{Seira::Cluster.current_cluster}-#{app}.json"
+      File.open(file_name, "wb") do |f|
+        f.write(values.to_json)
+      end
+      file_name
+    end
+  end
+end

data/lib/seira/secrets.rb

@@ -0,0 +1,148 @@
+require 'json'
+require 'base64'
+
+# Example usages:
+# seira staging specs secret set RAILS_ENV staging
+# seira demo tracking secret unset DISABLE_SOME_FEATURE
+# seira staging importer secret list
+# TODO: Multiple secrets in one command
+# TODO: Can we avoid writing to disk completely and instead pipe in raw json?
+module Seira
+  class Secrets
+    VALID_ACTIONS = %w[get set unset list list-decoded create-pgbouncer-secret].freeze
+    PGBOUNCER_SECRETS_NAME = 'pgbouncer-secrets'.freeze
+
+    attr_reader :app, :action, :key, :value, :args, :context
+
+    def initialize(app:, action:, args:, context:)
+      @app = app
+      @action = action
+      @args = args
+      @key = args[0]
+      @value = args[1]
+      @context = context
+    end
+
+    def run
+      case action
+      when 'get'
+        perform_key_validation
+        run_get
+      when 'set'
+        perform_key_validation
+        run_set
+      when 'unset'
+        perform_key_validation
+        run_unset
+      when 'list'
+        run_list
+      when 'list-decoded'
+        run_list_decoded
+      when 'create-pgbouncer-secret'
+        run_create_pgbouncer_secret
+      when 'bootstrap-cluster'
+        run_bootstrap_cluster
+      else
+        fail "Unknown command encountered"
+      end
+    end
+
+    def copy_secret_across_namespace(key:, to:, from:)
+      puts "Copying the #{key} secret from namespace #{from} to #{to}."
+      json_string = `kubectl get secret #{key} --namespace #{from} -o json`
+      secrets = JSON.parse(json_string)
+
+      # At this point we would preferably simply do a write_secrets call, but the metadata is highly coupled to old
+      # namespace so we need to clear out the old metadata
+      new_secrets = Marshal.load(Marshal.dump(secrets))
+      new_secrets.delete('metadata')
+      new_secrets['metadata'] = {
+        'name' => key,
+        'namespace' => to
+      }
+      write_secrets(secrets: new_secrets, secret_name: key)
+    end
+
+    def main_secret_name
+      "#{app}-secrets"
+    end
+
+    private
+
+    def perform_key_validation
+      if key.nil? || key.strip == ""
+        puts "Please specify a key in all caps and with underscores"
+        exit(1)
+      end
+    end
+
+    def run_get
+      secrets = fetch_current_secrets
+      puts "#{key}: #{Base64.decode64(secrets['data'][key])}"
+    end
+
+    def run_set
+      fail "Please specify a value as the third argument" if value.nil? || value.strip == ""
+      secrets = fetch_current_secrets
+      secrets['data'][key] = Base64.encode64(value)
+      write_secrets(secrets: secrets)
+    end
+
+    def run_unset
+      secrets = fetch_current_secrets
+      secrets['data'].delete(key)
+      write_secrets(secrets: secrets)
+    end
+
+    def run_list
+      secrets = fetch_current_secrets
+      puts "Base64 encoded keys for #{app}:"
+      secrets['data'].each do |k, v|
+        puts "#{k}: #{v}"
+      end
+    end
+
+    def run_list_decoded
+      secrets = fetch_current_secrets
+      puts "Decoded (raw) keys for #{app}:"
+      secrets['data'].each do |k, v|
+        puts "#{k}: #{Base64.decode64(v)}"
+      end
+    end
+
+    def run_create_pgbouncer_secret
+      db_user = args[0]
+      db_password = args[1]
+      puts `kubectl create secret generic #{PGBOUNCER_SECRETS_NAME} --namespace #{app} --from-literal=DB_USER=#{db_user} --from-literal=DB_PASSWORD=#{db_password}`
+    end
+
+    # In the normal case the secret we are updating is just main_secret_name,
+    # but in special cases we may be doing an operation on a different secret
+    def write_secrets(secrets:, secret_name: main_secret_name)
+      file_name = "tmp/temp-secrets-#{Seira::Cluster.current_cluster}-#{secret_name}.json"
+      File.open(file_name, "wb") do |f|
+        f.write(secrets.to_json)
+      end
+
+      # The command we use depends on if it already exists or not
+      secret_exists = system("kubectl get secret #{secret_name} --namespace #{app} > /dev/null")
+      command = secret_exists ? "replace" : "create"
+
+      if system("kubectl #{command} --namespace #{app} -f #{file_name}")
+        puts "Successfully created/replaced #{secret_name} secret #{key} in cluster #{Seira::Cluster.current_cluster}"
+      else
+        puts "Failed to update secret"
+      end
+
+      File.delete(file_name)
+    end
+
+    # Returns the still-base64encoded secrets hashmap
+    def fetch_current_secrets
+      json_string = `kubectl get secret #{main_secret_name} --namespace #{app} -o json`
+      json = JSON.parse(json_string)
+      fail "Unexpected Kind" unless json['kind'] == 'Secret'
+      json
+    end
+  end
+end

data/lib/seira/settings.rb

@@ -0,0 +1,59 @@
+require 'json'
+require 'yaml'
+
+module Seira
+  class Settings
+    DEFAULT_CONFIG_PATH = '.seira.yml'.freeze
+    
+    attr_reader :config_path
+
+    def initialize(config_path: DEFAULT_CONFIG_PATH)
+      @config_path = config_path
+    end
+
+    def settings
+      return @_settings if defined?(@_settings)
+      @_settings = parse_settings
+    end
+
+    def organization_id
+      settings['seira']['organization_id']
+    end
+
+    def default_zone
+      settings['seira']['default_zone']
+    end
+
+    def valid_apps
+      settings['seira']['valid_apps']
+    end
+
+    def valid_cluster_names
+      settings['seira']['clusters'].keys
+    end
+
+    def clusters
+      settings['seira']['clusters']
+    end
+
+    def full_cluster_name_for_shorthand(shorthand)
+      return shorthand if valid_cluster_names.include?(shorthand)
+
+      # Try iterating through each cluster to find the relevant alias
+      clusters.each do |cluster_name, cluster_metadata|
+        next if cluster_metadata['aliases'].empty?
+        return cluster_name if cluster_metadata['aliases'].include?(shorthand)
+      end
+
+      nil
+    end
+
+    private
+
+    def parse_settings
+      raw_settings = YAML.load_file(config_path)
+      puts raw_settings.inspect
+      raw_settings
+    end
+  end
+end

data/lib/seira/setup.rb

@@ -0,0 +1,99 @@
+require 'net/http'
+require 'json'
+
+module Seira
+  class Setup
+    attr_reader :arg, :settings
+
+    def initialize(arg:, settings:)
+      @arg = arg
+      @settings = settings
+    end
+
+    # This script should be all that's needed to fully set up gcloud and kubectl cli, fully configured,
+    # on a development machine.
+    def run
+      ensure_software_installed
+
+      if arg == 'all'
+        puts "We will now set up gcloud and kubectl for each project. We use a distinct GCP Project for each environment: #{ENVIRONMENTS.join(', ')}"
+        settings.valid_cluster_names.each do |cluster|
+          setup_cluster(cluster)
+        end
+      elsif settings.valid_cluster_names.include?(arg)
+        puts "We will now set up gcloud and kubectl for #{arg}"
+        setup_cluster(arg)
+      else
+        puts "Please specify a valid cluster name or 'all'."
+        exit(1)
+      end
+
+      puts "You have now configured all of your configurations. Please note that 'gcloud' and 'kubectl' are two separate command line tools."
+      puts "gcloud: For manipulating GCP entities such as sql databases and kubernetes clusters themselves"
+      puts "kubectl: For working within a kubernetes cluster, such as listing pods and deployment statuses"
+      puts "Always remember to update both by using 'seira <cluster>', such as 'seira staging'."
+      puts "Except for special circumstances, you should be able to always use 'seira' tool and avoid `gcloud` and `kubectl` directly."
+      puts "All set!"
+    end
+
+    private
+
+    def setup_cluster(cluster_name)
+      cluster_metadata = settings.clusters[cluster_name]
+
+      if system("gcloud config configurations describe #{cluster_name}")
+        puts "Configuration already exists for #{cluster_name}..."
+      else
+        puts "Creating configuration for this cluster and activating it..."
+        system("gcloud config configurations create #{cluster_name}")
+      end
+
+      system("gcloud config configurations activate #{cluster_name}")
+
+      # TODO: Is this possible to automate?
+      # system("gcloud iam service-accounts create #{iam_user} --display-name=#{iam_user}")
+      # puts "Created service account:"
+      # system("gcloud iam service-accounts describe #{iam_user}@#{cluster_metadata['project']}.iam.gserviceaccount.com")
+      puts "First,"
+      puts "First, set up a service account in the #{cluster_metadata['project']} project and download the credentials for it. You may do so by accessing the below link. Save the file in a safe location."
+      puts "https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=#{cluster_metadata['project']}&organizationId=#{settings.organization_id}"
+      puts "Then, set up an IAM user that it will inherit the permissions for."
+
+      puts "Please enter the path of your JSON key:"
+      filename = STDIN.gets
+      puts "Activating service account..."
+      system("gcloud auth activate-service-account --key-file #{filename}")
+      system("gcloud config set project #{cluster_metadata['project']}")
+      system("gcloud config set compute/zone #{settings.default_zone}")
+      puts "Your new gcloud setup for #{cluster_name}:"
+      system("gcloud config configurations describe #{cluster_name}")
+
+      puts "Configuring kubectl for interactions with this project's kubernetes cluster"
+      system("gcloud container clusters get-credentials #{cluster_name} --zone #{settings.default_zone} --project #{cluster_metadata['project']}")
+      puts "Your kubectl is set up with:"
+      system("kubectl config current-context")
+    end
+
+    def ensure_software_installed
+      puts "Making sure gcloud is installed..."
+      unless system('gcloud --version &> /dev/null')
+        puts "Installing gcloud..."
+        system('curl https://sdk.cloud.google.com | bash')
+        system('exec -l $SHELL')
+        system('gcloud init')
+      end
+
+      puts "Making sure kubectl is installed..."
+      unless system('kubectl version &> /dev/null')
+        puts "Installing kubectl..."
+        system('gcloud components install kubectl')
+      end
+
+      puts "Making sure kubernetes-helm is installed..."
+      unless system('helm version &> /dev/null')
+        puts "Installing helm..."
+        system('brew install kubernetes-helm')
+      end
+    end
+  end
+end

data/lib/seira/version.rb

@@ -0,0 +1,3 @@
+module Seira
+  VERSION = "0.1.0"
+end

data/seira.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'seira/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "seira"
+  spec.version       = Seira::VERSION
+  spec.authors       = ["Scott Ringwelski"]
+  spec.email         = ["scott@joinhandshake.com"]
+
+  spec.summary       = %q{An opinionated library for building applications on Kubernetes.}
+  spec.description   = %q{An opinionated library for building applications on Kubernetes.}
+  spec.homepage      = "https://github.com/joinhandshake/seira"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.executables   = ['seira']
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "highline"
+
+  spec.add_development_dependency "bundler", "~> 1.14"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rubocop", "0.51.0"
+end