@vfarcic/dot-ai 0.102.0 → 0.104.0

package/scripts/kubernetes.nu

@@ -0,0 +1,609 @@
+#!/usr/bin/env nu
+
+# Creates a Kubernetes cluster with the specified provider
+#
+# Examples:
+# > main create kubernetes aws --name my-cluster --min_nodes 3 --max_nodes 5
+# > main create kubernetes kind --name test-cluster
+def --env "main create kubernetes" [
+    provider: string  # The Kubernetes provider to use (aws, azure, google, upcloud, kind)
+    --name = "dot"  # Name of the Kubernetes cluster
+    --min-nodes = 2  # Minimum number of nodes in the cluster
+    --max-nodes = 4  # Maximum number of nodes in the cluster
+    --node-size = "small" # Supported values: small, medium, large
+    --auth = true  # Whether to perform authentication with the cloud provider
+    --enable-ingress = true  # Whether to enable ingress for the kind provider
+    --aws-access-key-id: string,      # AWS Access Key ID (optional, falls back to AWS_ACCESS_KEY_ID env var)
+    --aws-secret-access-key: string,  # AWS Secret Access Key (optional, falls back to AWS_SECRET_ACCESS_KEY env var)
+    --azure-tenant: string,           # Azure Tenant ID (optional, falls back to AZURE_TENANT env var)
+    --upcloud-username: string,       # UpCloud username (optional, falls back to UPCLOUD_USERNAME env var)
+    --upcloud-password: string        # UpCloud password (optional, falls back to UPCLOUD_PASSWORD env var)
+] {
+
+    $env.KUBECONFIG = $"($env.PWD)/kubeconfig-($name).yaml"
+    $"export KUBECONFIG=($env.KUBECONFIG)\n" | save --append .env
+    $"export KUBECONFIG_($name | str upcase)=($env.KUBECONFIG)\n" | save --append .env
+
+    if $provider == "google" {
+
+        (
+            create gke --name $name --node_size $node_size
+                --min_nodes $min_nodes --max_nodes $max_nodes
+                --auth $auth
+        )
+
+    } else if $provider == "aws" {
+
+        (
+            create eks  --name $name --node_size $node_size
+                --min_nodes $min_nodes --max_nodes $max_nodes
+                --aws-access-key-id $aws_access_key_id
+                --aws-secret-access-key $aws_secret_access_key
+        )
+
+    } else if $provider == "azure" {
+
+        (
+            create aks --name $name --node_size $node_size
+                --min_nodes $min_nodes --max_nodes $max_nodes
+                --azure-tenant $azure_tenant
+        )
+
+    } else if $provider == "upcloud" {
+
+        (
+            create upcloud --name $name --node_size $node_size
+                --min_nodes $min_nodes --max_nodes $max_nodes
+                --upcloud-username $upcloud_username
+                --upcloud-password $upcloud_password
+        )
+
+    } else if $provider == "kind" {
+
+        mut config = {
+            kind: "Cluster"
+            apiVersion: "kind.x-k8s.io/v1alpha4"
+            name: $name
+            nodes: [{
+                role: "control-plane"
+            }]
+        }
+
+        if $enable_ingress {
+            $config = $config | merge {
+                nodes: [{
+                    role: "control-plane"
+                    kubeadmConfigPatches: ['kind: InitConfiguration
+nodeRegistration:
+  kubeletExtraArgs:
+    node-labels: "ingress-ready=true"'
+                    ]
+                    extraPortMappings: [{
+                        containerPort: 80
+                        hostPort: 80
+                        protocol: "TCP"
+                    }, {
+                        containerPort: 443
+                        hostPort: 443
+                        protocol: "TCP"
+                    }]
+                }]
+            }
+        }
+        
+        $config | to yaml | save $"kind.yaml" --force
+
+        kind create cluster --config kind.yaml
+    
+    } else {
+
+        print $"(ansi red_bold)($provider)(ansi reset) is not a supported."
+        exit 1
+
+    }
+
+    $env.KUBECONFIG
+
+}
+
+# Lists the required packages for Kubernetes functionality
+#
+# Examples:
+# > main packages kubernetes
+def "main packages kubernetes" [] {
+
+    print $"(ansi yellow_bold)Following Nix packages are required(ansi reset):
+* kind
+* kubectl
+* awscli2
+* eksctl
+* google-cloud-sdk
+* azure-cli
+"
+
+print $"(ansi yellow_bold)Following tools not available as Nix packages are required(ansi reset):
+* upctl
+"
+
+}
+
+# Destroys a Kubernetes cluster created with the specified provider
+#
+# Examples:
+# > main destroy kubernetes aws --name my-cluster
+# > main destroy kubernetes google --name test-cluster --delete_project false
+def "main destroy kubernetes" [
+    provider: string  # The Kubernetes provider to delete (aws, azure, google, upcloud, kind)
+    --name = "dot"  # Name of the Kubernetes cluster to destroy
+    --delete_project = true  # Whether to delete the associated cloud project
+] {
+
+    if $provider == "google" {
+
+        rm --force $env.KUBECONFIG
+
+        (
+            gcloud container clusters delete $name
+                --project $env.PROJECT_ID --zone us-east1-b --quiet
+        )
+
+        if $delete_project {
+            gcloud projects delete $env.PROJECT_ID --quiet
+        }
+    
+    } else if $provider == "aws" {
+
+        let region = "us-east-1"
+
+        (
+            eksctl delete addon --name aws-ebs-csi-driver
+                --cluster $name --region $region
+        )
+
+        (
+            eksctl delete nodegroup --name primary
+                --cluster $name --drain=false
+                --region $region --parallel 10 --wait
+        )
+
+        (
+            eksctl delete cluster
+                --config-file $"eksctl-config-($name).yaml"
+                --wait
+        )
+
+    } else if $provider == "azure" {
+
+        (
+            az aks delete --resource-group $env.RESOURCE_GROUP
+                --name $name --yes
+        )
+
+        if $delete_project {
+
+            az group delete --name $env.RESOURCE_GROUP --yes
+
+        }
+
+    } else if $provider == "upcloud" {
+
+        print $"Deleting (ansi yellow_bold)Kubernetes(ansi reset)..."
+
+        upctl kubernetes delete $name
+
+        print $"Waiting for (ansi yellow_bold)10 minutes(ansi reset) to fully clean up the cluster..."
+
+        sleep 600sec
+
+        print $"Deleting (ansi yellow_bold)network(ansi reset)..."
+
+        upctl network delete $name
+
+    } else if $provider == "kind" {
+
+        kind delete cluster --name $name
+
+    }
+
+    if "KUBECONFIG" in $env {
+        rm --force $env.KUBECONFIG
+    }
+
+}
+
+# Creates Kubernetes credentials in a kubeconfig file
+#
+# Examples:
+# > main create kubernetes_creds --source_kuberconfig kubeconfig.yaml --destination_kuberconfig new-kubeconfig.yaml
+def "main create kubernetes_creds" [
+    --source_kuberconfig = "kubeconfig.yaml"  # Path to the source kubeconfig file
+    --destination_kuberconfig = "kubeconfig_new.yaml"  # Path to the destination kubeconfig file
+] {
+
+    {
+        apiVersion: "v1"
+        kind: "ServiceAccount"
+        metadata: {
+            name: "creds"
+            namespace: "kube-system"
+        }
+    } | to yaml | kubectl --kubeconfig $source_kuberconfig apply --filename -
+
+    {
+        apiVersion: "v1"
+        kind: "Secret"
+        metadata: {
+            name: "creds"
+            namespace: "kube-system"
+            annotations: {
+                "kubernetes.io/service-account.name": "creds"
+            }
+        }
+        type: "kubernetes.io/service-account-token"
+    } | to yaml | kubectl --kubeconfig $source_kuberconfig apply --filename -
+
+    {
+        apiVersion: "rbac.authorization.k8s.io/v1"
+        kind: "ClusterRoleBinding"
+        metadata: {
+            name: "creds"
+        }
+        subjects: [{
+            kind: "ServiceAccount"
+            name: "creds"
+            namespace: "kube-system"
+        }]
+        roleRef: {
+            kind: "ClusterRole"
+            name: "cluster-admin"
+            apiGroup: "rbac.authorization.k8s.io"
+        }
+    }
+        | to yaml
+        | kubectl --kubeconfig $source_kuberconfig apply --filename -
+
+    let kube_ca_data = open $source_kuberconfig
+        | get clusters.0.cluster.certificate-authority-data
+
+    let kube_url = open $source_kuberconfig
+        | get clusters.0.cluster.server
+
+    let token_encoded = (
+        kubectl
+            --kubeconfig $source_kuberconfig
+            --namespace kube-system
+            get secret creds --output yaml
+    )
+        | from yaml
+        | get data.token
+
+    let token = ($token_encoded | decode base64 | decode)
+
+    {
+        apiVersion: "v1"
+        kind: "Config"
+        clusters: [{
+            name: "default-cluster"
+            cluster: {
+                certificate-authority-data: $kube_ca_data
+                server: $"($kube_url):443"
+            }
+        }]
+        contexts: [{
+            name: "default-context"
+            context: {
+                cluster: "default-cluster"
+                namespace: "default"
+                user: "default-user"
+            }
+        }]
+        current-context: "default-context"
+        users: [{
+            name: "default-user"
+            user: {
+                token: $token
+            }
+        }]
+    } | to yaml | save $source_kuberconfig --force
+
+}
+
+# Creates a UpCloud Kubernetes cluster
+#
+# Examples:
+# > create upcloud --name my-cluster --node_size medium --min_nodes 3 --max_nodes 5
+def --env "create upcloud" [
+    --name = "dot"  # Name of the Kubernetes cluster
+    --node_size = "small" # Supported values: small, medium, large
+    --min_nodes = 2  # Minimum number of nodes in the cluster
+    --max_nodes = 4  # Maximum number of nodes in the cluster
+    --upcloud-username: string,  # UpCloud username (optional, falls back to UPCLOUD_USERNAME env var)
+    --upcloud-password: string   # UpCloud password (optional, falls back to UPCLOUD_PASSWORD env var)
+] {
+
+print $"
+Visit https://signup.upcloud.com/?promo=devops50 to (ansi yellow_bold)sign up(ansi reset) and get $50+ credits.
+Make sure that (ansi yellow_bold)Allow API connections from all networks(ansi reset) is checked inside the https://hub.upcloud.com/account/overview page.
+Install `(ansi yellow_bold)upctl(ansi reset)` from https://upcloudltd.github.io/upcloud-cli if you do not have it already.
+Press the (ansi yellow_bold)enter key(ansi reset) to continue.
+"
+        input
+
+        mut username = $upcloud_username
+        if ($username | is-empty) and ("UPCLOUD_USERNAME" in $env) {
+            $username = $env.UPCLOUD_USERNAME
+        } else if ($username | is-empty) {
+            error make { msg: "UpCloud username required via --upcloud-username parameter or UPCLOUD_USERNAME environment variable" }
+        }
+        $env.UPCLOUD_USERNAME = $username
+        $"export UPCLOUD_USERNAME=($username)\n"
+            | save --append .env
+
+        mut password = $upcloud_password
+        if ($password | is-empty) and ("UPCLOUD_PASSWORD" in $env) {
+            $password = $env.UPCLOUD_PASSWORD
+        } else if ($password | is-empty) {
+            error make { msg: "UpCloud password required via --upcloud-password parameter or UPCLOUD_PASSWORD environment variable" }
+        }
+        $env.UPCLOUD_PASSWORD = $password
+        $"export UPCLOUD_PASSWORD=($password)\n"
+            | save --append .env
+        print ""
+
+        mut vm_size = "2xCPU-4GB"
+        if $node_size == "medium" {
+            $vm_size = "4xCPU-8GB"
+        } else if $node_size == "large" {
+            $vm_size = "8xCPU-32GB"
+        }
+
+        print $"Creating (ansi yellow_bold)network(ansi reset)..."
+
+        do --ignore-errors {(
+            upctl network create --name $name --zone us-nyc1
+                --ip-network address="10.0.1.0/24,dhcp=true"
+        )}
+
+        print $"Creating (ansi yellow_bold)Kubernetes(ansi reset) cluster..."
+
+        (
+            upctl kubernetes create --name $name --zone us-nyc1
+                --node-group $"count=($min_nodes),name=dot,plan=($vm_size)"
+                --plan dev-md  --network $name --version "1.30"
+                --kubernetes-api-allow-ip "0.0.0.0/0" --wait
+        )
+
+        print $"Getting (ansi yellow_bold)kubeconfig(ansi reset)..."
+
+        (
+            upctl kubernetes config $name --output yaml
+                --write $env.KUBECONFIG
+        )
+
+        print $"Waiting for (ansi yellow_bold)5 minutes(ansi reset) to fully set up the cluster..."
+
+        sleep 300sec
+
+}
+
+# Creates an Azure Kubernetes Service (AKS) cluster
+#
+# Examples:
+# > create aks --name my-cluster --node_size medium --min_nodes 3 --max_nodes 5
+def --env "create aks" [
+    --name = "dot",  # Name of the Kubernetes cluster
+    --min_nodes = 2,  # Minimum number of nodes in the cluster
+    --max_nodes = 4,  # Maximum number of nodes in the cluster
+    --node_size = "small", # Supported values: small, medium, large
+    --auth = true,  # Whether to perform authentication with Azure
+    --azure-tenant: string  # Azure Tenant ID (optional, falls back to AZURE_TENANT env var)
+] {
+
+    let location = "eastus"
+
+    mut tenant = $azure_tenant
+    if ($tenant | is-empty) and ("AZURE_TENANT" in $env) {
+        $tenant = $env.AZURE_TENANT
+    } else if ($tenant | is-empty) {
+        error make { msg: "Azure Tenant ID required via --azure-tenant parameter or AZURE_TENANT environment variable" }
+    }
+
+    if $auth {
+        az login --tenant $tenant
+    }
+
+    mut resource_group = ""
+    if RESOURCE_GROUP in $env {
+        $resource_group = $env.RESOURCE_GROUP
+    } else {
+        $resource_group = $"dot-(date now | format date "%Y%m%d%H%M%S")"
+        $env.RESOURCE_GROUP = $resource_group
+        $"export RESOURCE_GROUP=($resource_group)\n" | save --append .env
+        az group create --name $resource_group --location $location
+    }
+    mut vm_size = "Standard_B2s"
+    if $node_size == "medium" {
+        $vm_size = "Standard_B4ms"
+    } else if $node_size == "large" {
+        $vm_size = "Standard_B8ms"
+    }
+
+    (
+        az aks create --resource-group $resource_group --name $name
+            --node-count $min_nodes --min-count $min_nodes
+            --max-count $max_nodes
+            --node-vm-size $vm_size
+            --enable-managed-identity --generate-ssh-keys
+            --enable-cluster-autoscaler --yes
+    )
+
+    (
+        az aks get-credentials --resource-group $resource_group
+            --name $name --file $env.KUBECONFIG
+    )
+
+}
+
+# Creates a Google Kubernetes Engine (GKE) cluster
+#
+# Examples:
+# > create gke --name my-cluster --node_size medium --min_nodes 3 --max_nodes 5 --auth true
+def --env "create gke" [
+    --name = "dot",  # Name of the Kubernetes cluster
+    --min_nodes = 2,  # Minimum number of nodes in the cluster
+    --max_nodes = 4,  # Maximum number of nodes in the cluster
+    --node_size = "small" # Supported values: small, medium, large
+    --auth = true  # Whether to perform authentication with Google Cloud
+] {
+
+    if $auth {
+        gcloud auth login
+    }
+
+    mut project_id = ""
+    if PROJECT_ID in $env and not $auth {
+        $project_id = $env.PROJECT_ID
+    } else {
+        $project_id = $"dot-(date now | format date "%Y%m%d%H%M%S")"
+        $env.PROJECT_ID = $project_id
+        $"export PROJECT_ID=($project_id)\n" | save --append .env
+
+        gcloud projects create $project_id
+
+        start $"https://console.cloud.google.com/marketplace/product/google/container.googleapis.com?project=($project_id)"
+
+        print $"
+    (ansi yellow_bold)ENABLE(ansi reset) the API.
+    Press the (ansi yellow_bold)enter key(ansi reset) to continue.
+    "
+        input
+    }
+
+    mut vm_size = "e2-standard-2"
+    if $node_size == "medium" {
+        $vm_size = "e2-standard-4"
+    } else if $node_size == "large" {
+        $vm_size = "e2-standard-8"
+    }
+
+    (
+        gcloud container clusters create $name --project $project_id
+            --zone us-east1-b --machine-type $vm_size
+            --enable-autoscaling --num-nodes $min_nodes
+            --min-nodes $min_nodes --max-nodes $max_nodes
+            --enable-network-policy --no-enable-autoupgrade
+    )
+
+    (
+        gcloud container clusters get-credentials $name
+            --project $project_id --zone us-east1-b
+    )
+
+}
+
+# Creates an Amazon Elastic Kubernetes Service (EKS) cluster
+#
+# Examples:
+# > create eks --name my-cluster --node_size medium --min_nodes 3 --max_nodes 5
+def --env "create eks" [
+    --name = "dot",  # Name of the Kubernetes cluster
+    --min_nodes = 2,  # Minimum number of nodes in the cluster
+    --max_nodes = 4,  # Maximum number of nodes in the cluster
+    --node_size = "small", # Supported values: small, medium, large
+    --aws-access-key-id: string,      # AWS Access Key ID (optional, falls back to AWS_ACCESS_KEY_ID env var)
+    --aws-secret-access-key: string   # AWS Secret Access Key (optional, falls back to AWS_SECRET_ACCESS_KEY env var)
+] {
+
+    let region = "us-east-1"
+
+    mut access_key = $aws_access_key_id
+    if ($access_key | is-empty) and ("AWS_ACCESS_KEY_ID" in $env) {
+        $access_key = $env.AWS_ACCESS_KEY_ID
+    } else if ($access_key | is-empty) {
+        error make { msg: "AWS Access Key ID required via --aws-access-key-id parameter or AWS_ACCESS_KEY_ID environment variable" }
+    }
+    $"export AWS_ACCESS_KEY_ID=($access_key)\n"
+        | save --append .env
+
+    mut secret_key = $aws_secret_access_key
+    if ($secret_key | is-empty) and ("AWS_SECRET_ACCESS_KEY" in $env) {
+        $secret_key = $env.AWS_SECRET_ACCESS_KEY
+    } else if ($secret_key | is-empty) {
+        error make { msg: "AWS Secret Access Key required via --aws-secret-access-key parameter or AWS_SECRET_ACCESS_KEY environment variable" }
+    }
+    $"export AWS_SECRET_ACCESS_KEY=($secret_key)\n"
+        | save --append .env
+
+    let aws_account_id = (
+        aws sts get-caller-identity --query "Account" 
+            --output text
+    )
+    $"export AWS_ACCOUNT_ID=($aws_account_id)\n"
+        | save --append .env
+
+    $"[default]
+aws_access_key_id = ($access_key)
+aws_secret_access_key = ($secret_key)
+" | save aws-creds.conf --force
+
+    mut vm_size = "t3.medium"
+    if $node_size == "medium" {
+        $vm_size = "t3.xlarge"
+    } else if $node_size == "large" {
+        $vm_size = "t3.2xlarge"
+    }
+
+    {
+        apiVersion: "eksctl.io/v1alpha5"
+        kind: "ClusterConfig"
+        metadata: {
+            name: $name
+            region: $region
+            version: "1.31"
+        }
+        managedNodeGroups: [{
+            name: "primary"
+            instanceType: $vm_size
+            minSize: $min_nodes
+            maxSize: $max_nodes
+            iam: {
+                withAddonPolicies: {
+                    autoScaler: true
+                    ebs: true
+                }
+            }
+        }]
+    } | to yaml | save $"eksctl-config-($name).yaml" --force
+
+    (
+        eksctl create cluster
+            --config-file $"eksctl-config-($name).yaml"
+            --kubeconfig $env.KUBECONFIG
+    )
+
+    (
+        eksctl create addon --name aws-ebs-csi-driver
+            --cluster $name
+            --service-account-role-arn $"arn:aws:iam::($aws_account_id):role/AmazonEKS_EBS_CSI_DriverRole"
+            --region $region --force
+    )
+
+    (
+        kubectl patch storageclass gp2
+            --patch '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+    )
+
+    (
+        eksctl utils associate-iam-oidc-provider --cluster $name
+            --region $region --approve
+    )
+
+    let oidc_provider = (
+        aws eks describe-cluster --name $name --region $region
+            --query "cluster.identity.oidc.issuer"
+            --output text | str replace "https://" ""
+    )
+    $"export OIDC_PROVIDER=($oidc_provider)\n"
+        | save --append .env
+
+}

package/scripts/kubevela.nu

@@ -0,0 +1,22 @@
+#!/usr/bin/env nu
+
+# Installs KubeVela platform
+#
+# Examples:
+# > main apply kubevela example.com --ingress_class nginx
+def "main apply kubevela" [
+    host: string
+    --ingress_class = "nginx"
+] {
+
+    vela install
+
+    # (
+    #     vela addon enable velaux
+    #         $"domain=vela.($host)"
+    #         $"gatewayDriver=($ingress_class)"
+    # )
+
+    # start $"http://($host)"
+
+}

package/scripts/kyverno.nu

@@ -0,0 +1,16 @@
+#!/usr/bin/env nu
+
+# Installs Kyverno policy engine for Kubernetes
+def "main apply kyverno" [] {
+
+    helm repo add kyverno https://kyverno.github.io/kyverno
+
+    helm repo update
+
+    (
+        helm upgrade --install kyverno kyverno/kyverno
+            --namespace kyverno --create-namespace
+            --wait
+    )
+
+}