cluster-builder 0.3.2__py3-none-any.whl → 0.4.0__py3-none-any.whl

cluster_builder/swarmchestrate.py

@@ -591,3 +591,107 @@ class Swarmchestrate:
         finally:
             if copy_dir.exists():
                 shutil.rmtree(copy_dir)
+
+    def create_registry_secrets(self, cluster_config: dict):
+        """
+        Create Docker registry secrets in Kubernetes using OpenTofu.
+
+        :param cluster_config: dict with keys:
+            {
+                "master_ip": "1.2.3.4",
+                "ssh_user": "ubuntu",
+                "ssh_private_key_path": "/path/to/key.pem",
+                "namespace": "optional-namespace",
+                "secret_names": ["optional-name1", "optional-name2"]
+            }
+        """
+        load_dotenv()
+
+        # Read registry creds from env
+        registries = os.getenv("DOCKER_REGISTRIES", "").split(",")
+        usernames = os.getenv("DOCKER_USERNAMES", "").split(",")
+        passwords = os.getenv("DOCKER_PASSWORDS", "").split(",")
+
+        if not (len(registries) == len(usernames) == len(passwords)):
+            raise RuntimeError("Mismatch in registry, username, and password counts")
+
+        # Get cluster connection from method input
+        master_ip = cluster_config.get("master_ip")
+        ssh_user = cluster_config.get("ssh_user")
+        ssh_key_path = cluster_config.get("ssh_private_key_path")
+        namespace = cluster_config.get("namespace", "default")
+        secret_names = cluster_config.get("secret_names", [])
+
+        if not all([master_ip, ssh_user, ssh_key_path]):
+            raise ValueError("Cluster config missing required keys")
+
+        # Validate secret_names length if provided
+        if secret_names and len(secret_names) != len(registries):
+            raise RuntimeError("Length of secret_names must match number of registries")
+
+        # Create temp dir for TF
+        temp_dir = Path(self.output_dir) / "registry-secret"
+        temp_dir.mkdir(parents=True, exist_ok=True)
+
+        try:
+            # Copy template tf file into temp dir
+            tf_source_file = Path(self.template_manager.templates_dir) / "registry_secret.tf"
+            if not tf_source_file.exists():
+                logger.debug(f"registry_secret.tf not found at: {tf_source_file}")
+                raise RuntimeError(f"registry_secret.tf not found at: {tf_source_file}")
+
+            tf_target = temp_dir / "registry_secret.tf"
+            shutil.copy(tf_source_file, tf_target)
+            logger.debug(f"Copied registry_secret.tf to {temp_dir}")
+
+            # Setup env for tofu
+            env_vars = os.environ.copy()
+            env_vars["TF_LOG"] = os.getenv("TF_LOG", "INFO")
+
+            # tofu init
+            CommandExecutor.run_command(
+                ["tofu", "init"],
+                cwd=str(temp_dir),
+                description="Init OpenTofu",
+                env=env_vars,
+            )
+
+            # Apply registry secrets
+            apply_vars = [
+                f"-var=registries={json.dumps(registries)}",
+                f"-var=usernames={json.dumps(usernames)}",
+                f"-var=passwords={json.dumps(passwords)}",
+                f"-var=master_ip={master_ip}",
+                f"-var=ssh_user={ssh_user}",
+                f"-var=ssh_private_key_path={ssh_key_path}",
+                f"-var=namespace={namespace}"
+            ]
+            if secret_names:
+                apply_vars.append(f"-var=secret_names={json.dumps(secret_names)}")
+
+            CommandExecutor.run_command(
+                ["tofu", "apply", "-auto-approve"] + apply_vars,
+                cwd=str(temp_dir),
+                description="Apply registry secrets",
+                env=env_vars,
+            )
+
+            # Fetch Terraform/OpenTofu output
+            output_result = CommandExecutor.run_command(
+                ["tofu", "output", "-json", "docker_registry_secret_names"],
+                cwd=str(temp_dir),
+                description="Fetch registry secret names",
+                env=env_vars,
+            )
+
+            lines = [line for line in output_result.splitlines() if line.strip()]
+            if not lines:
+                raise RuntimeError("No output received from OpenTofu for secret names")
+            secret_names_list = json.loads(lines[-1])
+            logger.info(f"Created registry secrets: {secret_names_list}")
+
+            return secret_names_list
+
+        finally:
+            logger.debug(f"Cleaning up temp dir: {temp_dir}")
+            shutil.rmtree(temp_dir)

cluster_builder/templates/deploy_manifest.tf

@@ -13,31 +13,25 @@ resource "null_resource" "copy_manifests" {
     host        = var.master_ip
   }
 
-  # Ensure the manifests folder exists on the remote host
-  provisioner "remote-exec" {
-    inline = [
-      "mkdir -p /home/${var.ssh_user}/manifests",
-      "sudo chmod 755 /home/${var.ssh_user}/manifests"
-    ]
-  }
-
-  # Copy the manifests
+  # Copy the manifest folder into /tmp
   provisioner "file" {
     source      = var.manifest_folder
-    destination = "/home/${var.ssh_user}"
+    destination = "/tmp/"
   }
 
-  # Apply namespace.yaml first
+  # Apply namespace.yaml first if exists
   provisioner "remote-exec" {
     inline = [
-      "sudo -E KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl apply -f /home/${var.ssh_user}/manifests/namespace.yaml"
+      "folder_name=$(basename ${var.manifest_folder})",
+      "if [ -f /tmp/$folder_name/namespace.yaml ]; then sudo -E KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl apply -f /tmp/$folder_name/namespace.yaml; fi"
     ]
   }
 
   # Apply the rest of the manifests
   provisioner "remote-exec" {
     inline = [
-      "sudo -E KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl apply -R -f /home/${var.ssh_user}/manifests/ --selector='!namespace.yaml'"
+      "folder_name=$(basename ${var.manifest_folder})",
+      "sudo -E KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl apply -R -f /tmp/$folder_name"
     ]
   }
 }

cluster_builder/templates/registry_secret.tf

@@ -0,0 +1,52 @@
+variable "registries" {
+  type = list(string)
+}
+
+variable "usernames" {
+  type = list(string)
+}
+
+variable "passwords" {
+  type = list(string)
+}
+
+variable "secret_names" {
+  type    = list(string)
+  default = []
+}
+
+variable "master_ip" {}
+variable "ssh_user" {}
+variable "ssh_private_key_path" {}
+variable "namespace" {
+  default = "default"
+}
+
+resource "null_resource" "docker_registry_secrets" {
+  count = length(var.registries)
+
+  connection {
+    type        = "ssh"
+    host        = var.master_ip
+    user        = var.ssh_user
+    private_key = file(var.ssh_private_key_path)
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      <<EOT
+        SECRET_NAME=${length(var.secret_names) > 0 ? var.secret_names[count.index] : "regcred-${count.index}"}
+        sudo -E KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl create secret docker-registry $SECRET_NAME \
+          --docker-server="${var.registries[count.index]}" \
+          --docker-username="${var.usernames[count.index]}" \
+          --docker-password="${var.passwords[count.index]}" \
+          --namespace="${var.namespace}" \
+          --dry-run=client -o yaml | sudo kubectl apply -f -
+      EOT
+    ]
+  }
+}
+
+output "docker_registry_secret_names" {
+  value = [for i in range(length(var.registries)) : length(var.secret_names) > 0 ? var.secret_names[i] : "regcred-${i}"]
+}

{cluster_builder-0.3.2.dist-info → cluster_builder-0.4.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cluster-builder
-Version: 0.3.2
+Version: 0.4.0
 Summary: Swarmchestrate cluster builder
 Author-email: Gunjan <G.Kotak@westminster.ac.uk>, Jay <J.Deslauriers@westminster.ac.uk>
 License: Apache2

{cluster_builder-0.3.2.dist-info → cluster_builder-0.4.0.dist-info}/RECORD

@@ -1,5 +1,5 @@
 cluster_builder/__init__.py,sha256=p2Rb2BTVm-ScqCKE38436WsItY1BjVAnvx7zwmneSLs,256
-cluster_builder/swarmchestrate.py,sha256=LwIRR1HGD6y6XKhAxDU-T68vIPjtRIeaoaHX95wM_ZM,23139
+cluster_builder/swarmchestrate.py,sha256=3cVjj1Qe2LT-N8GUL6W-jaexf6yJS6aKGaqkiUojEO8,27388
 cluster_builder/config/__init__.py,sha256=HqCua7nqa0m4RNrH-wAw-GNZ8PfmKOeYs2Ur81xGIKU,222
 cluster_builder/config/cluster.py,sha256=0CASucE_npbEmGnyR3UmF0v836tcx9HthAiotCh4sSo,5116
 cluster_builder/config/postgres.py,sha256=nQ5QxxI00GmGAbDl_9I1uEU2eBy1D2eJWGzhsBYUFMc,3354
@@ -7,10 +7,11 @@ cluster_builder/infrastructure/__init__.py,sha256=e8XY3K7Y6FJS-ODr5ufB_myV7btFvY
 cluster_builder/infrastructure/executor.py,sha256=oymr_ZP8xAOcNDAuGCp1v4F81-chR3VRotoD732l4q0,2874
 cluster_builder/infrastructure/templates.py,sha256=TAdNP-012L76dOYsd7JVIQOD4K9XNobK9QWfOoYrbeU,4084
 cluster_builder/templates/aws_provider.tf,sha256=VIRuH_-8pYtJ0Mkck38WUSszHiN3DesFOWkx75aoOIY,425
-cluster_builder/templates/deploy_manifest.tf,sha256=bzvcK-5iAFDMGU32YR5os6qXF1p9d7qWqlv7Kqm72Qo,1106
+cluster_builder/templates/deploy_manifest.tf,sha256=kFf3Q6nuvYzFxFbVdGPjiFINN8ep4_8n0BAMx5UD5nQ,1004
 cluster_builder/templates/ha_user_data.sh.tpl,sha256=njvsBRjdKBuUaYbujJ689wI2sfpoHVpr2kkbG9sKzpw,981
 cluster_builder/templates/master_user_data.sh.tpl,sha256=g_uaehoi9Pm_vCx_vJhXCUqAt7DpcqnAi_QPm5VOgWw,1481
 cluster_builder/templates/openstack_provider.tf,sha256=wFUmkws5xSTOM1GW0Jd8JD__VAUBPNF4j1amo2SRyVM,2049
+cluster_builder/templates/registry_secret.tf,sha256=_om5QIQR2lEVDJb-4B7t25uHL66bGLa7XPSBTQ16E-Y,1336
 cluster_builder/templates/worker_user_data.sh.tpl,sha256=9WP6qe6DGMHgFds_loI1N7DEuMeOI6U4SA-g3GYIIIU,1034
 cluster_builder/templates/aws/main.tf,sha256=v_mR6tdH4-E1SKI8FNqfgl-gU2POrKqRfkXCXV1DGFQ,4875
 cluster_builder/templates/edge/main.tf,sha256=8sBL_ofFfhMEH2biPRmB7X4H_SG3JgYygCOEo90yDTY,2255
@@ -18,8 +19,8 @@ cluster_builder/templates/openstack/main.tf,sha256=uMzArcNE0wbx23Y0x9B7jGIiWIgJd
 cluster_builder/utils/__init__.py,sha256=TeronqOND-SIfi0e76lwD1HfUiPO2h2ZfYhLIwZ3Aks,145
 cluster_builder/utils/hcl.py,sha256=VptRAt2Cy0AxowqMJBZ60KGe4Uptji3Y9WiYrDQsrqY,11534
 cluster_builder/utils/logging.py,sha256=rwDViuqG8PMcXJWHOdtdgbGhWMnbSZ4MwfKsXHxu2B4,1242
-cluster_builder-0.3.2.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-cluster_builder-0.3.2.dist-info/METADATA,sha256=7M-LAWWdwURezuH4N169kDUZJPjT89ERxH6PlNJ5lOU,10937
-cluster_builder-0.3.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-cluster_builder-0.3.2.dist-info/top_level.txt,sha256=fTW8EW1mcWoeWprjwxSHRWpqfXYX8iN-ByEt8HPXIcs,16
-cluster_builder-0.3.2.dist-info/RECORD,,
+cluster_builder-0.4.0.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+cluster_builder-0.4.0.dist-info/METADATA,sha256=O_6VEjEZY7hdC-Z_t0VV4T2vUGa5OiOXlSZ6yc-d7JU,10937
+cluster_builder-0.4.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+cluster_builder-0.4.0.dist-info/top_level.txt,sha256=fTW8EW1mcWoeWprjwxSHRWpqfXYX8iN-ByEt8HPXIcs,16
+cluster_builder-0.4.0.dist-info/RECORD,,