@gabrielgrant
Created May 17, 2019 18:51
#! /bin/bash
# Stop at the first command that exits non-zero.
set -o errexit
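#######################################
# Print the help text.
# Globals:   none
# Arguments: none
# Outputs:   writes the usage message to stderr
# Returns:   0
#######################################
usage() {
  # The output file names below match what the script actually writes
  # (manifest.json and admin_manifest.json, next to BASE_MANIFEST).
  echo "
Usage:
  $0 [base NodePort] BASE_MANIFEST

Takes BASE_MANIFEST (which should be the JSON result of
running \"pachctl deploy custom ... --dry-run\") and transforms it
to be compatible with OpenShift.

Two manifests are output, in the same directory as BASE_MANIFEST:
  - admin_manifest.json sets up a [Cluster]Role, [Cluster]RoleBinding, and ServiceAccount
  - manifest.json contains the rest of the components to deploy Pachyderm

base NodePort default is 6 (ie use ports 30650-30654). You should
only need to change this if you are deploying
multiple instances of Pachyderm. Must be 0-9

Environment:
  ETCD_PV_NAME  value written to the PersistentVolumeClaim's spec.volumeName
" >&2

  # TODO (not implemented, so deliberately not shown in the help text):
  #   -l, --local-role  Use a (local) Role and RoleBinding, rather than
  #                     ClusterRole and ClusterRoleBinding (the defaults).
  #                     This will disable usage of scaling based on
  #                     "coefficient", as pachd will not be able to
  #                     access the list of the Kubernetes (OpenShift) nodes
}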
# Default base NodePort digit. It is exported because envsubst later reads it
# from the environment when the Service port list is rendered.
export BASE_NODEPORT=6

case "$#" in
  2)
    # Two arguments: the first must be exactly one decimal digit. This strict
    # check is what keeps the value safe to splice into the JSON port numbers.
    if [[ ! $1 =~ ^[0-9]$ ]]; then
      echo
      echo "Error: base NodePort argument must be a single digit (0-9); you provided \"$1\"" >&2
      usage
      exit 1
    fi
    export BASE_NODEPORT=$1
    BASE_MANIFEST=$2
    ;;
  1)
    # One argument: keep the default base NodePort set above.
    BASE_MANIFEST=$1
    ;;
  *)
    echo "Error: 1 or 2 arguments expected (you provided $#)" >&2
    usage
    exit 1
    ;;
esac

# The manifest has to be an existing regular file.
if ! [[ -f $BASE_MANIFEST ]]; then
  echo "Error: Specified BASE_MANIFEST does not exist (\"$BASE_MANIFEST\")" >&2
  usage
  exit 1
fi
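# A failing jq must abort the run. Without pipefail the status of each
# "jq | sponge" pipeline is sponge's, so a jq error would leave an empty
# manifest behind and the script would still report success.
set -o pipefail

OUTPUT_DIR=$(dirname -- "$BASE_MANIFEST")
MAIN_OUTPUT_MANIFEST="${OUTPUT_DIR}/manifest.json"
ADMIN_OUTPUT_MANIFEST="${OUTPUT_DIR}/admin_manifest.json"

# Both outputs are written next to the input; refuse to overwrite the input.
if [[ "$BASE_MANIFEST" -ef "$MAIN_OUTPUT_MANIFEST" || "$BASE_MANIFEST" -ef "$ADMIN_OUTPUT_MANIFEST" ]]; then
  echo "Error: BASE_MANIFEST (\"$BASE_MANIFEST\") would be overwritten by the output; rename it or move it to another directory" >&2
  exit 1
fi

echo "OCPifying \"$BASE_MANIFEST\" using base NodePort $BASE_NODEPORT"
set -x

# Sink for every filter below. The path is passed to sponge as one quoted
# argument; it is never interpolated into a string handed to "bash -c", so
# spaces or shell metacharacters in the manifest's directory name cannot be
# re-parsed as shell syntax. sponge is needed because each filter reads and
# rewrites the same file.
write_manifest() {
  # -- Switch between generate mode or debug mode: to see the result of each
  # filter interactively, replace the sponge line with
  #   jq -S . | diff "$BASE_MANIFEST" - | less
  sponge "$MAIN_OUTPUT_MANIFEST"
}

cp -- "$BASE_MANIFEST" "$MAIN_OUTPUT_MANIFEST"

# -- Apply manifest filters

# disable usage of the docker socket (in pachd container template, within pachd Deployment)
jq 'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] |= (select(.name == "pachd").env[] |= (select(.name == "NO_EXPOSE_DOCKER_SOCKET").value = "true"))' < "$MAIN_OUTPUT_MANIFEST" | write_manifest

# The filter above only edits an env entry that already exists; when the base
# manifest has no NO_EXPOSE_DOCKER_SOCKET entry it changes nothing. Report
# that instead of silently shipping a manifest without the setting.
if ! jq -e -s 'any(.[]; .kind == "Deployment" and .metadata.name == "pachd" and any(.spec.template.spec.containers[]?; .name == "pachd" and any(.env[]?; .name == "NO_EXPOSE_DOCKER_SOCKET" and .value == "true")))' < "$MAIN_OUTPUT_MANIFEST" > /dev/null; then
  echo "Warning: pachd container has no NO_EXPOSE_DOCKER_SOCKET=true env entry after filtering; check the base manifest" >&2
fi

# change service port numbers:
# - prefixes "1" onto the default "port" values, since containers can't bind on privileged ports
# - adds the provided "base nodePort" (default 6), so multiple instances can be deployed side-by-side
# BASE_NODEPORT was validated as a single digit, so the substituted nodePort
# values are always plain JSON numbers.
PACHD_SERVICE_SPEC_PORTS=$(envsubst <<< '[
  {
    "name": "api-grpc-port",
    "port": 1650,
    "targetPort": 0,
    "nodePort": 30${BASE_NODEPORT}50
  },
  {
    "name": "trace-port",
    "port": 1651,
    "targetPort": 0,
    "nodePort": 30${BASE_NODEPORT}51
  },
  {
    "name": "api-http-port",
    "port": 1652,
    "targetPort": 0,
    "nodePort": 30${BASE_NODEPORT}52
  },
  {
    "name": "saml-port",
    "port": 1654,
    "targetPort": 0,
    "nodePort": 30${BASE_NODEPORT}54
  },
  {
    "name": "api-git-port",
    "port": 1999,
    "targetPort": 0,
    "nodePort": 30${BASE_NODEPORT}99
  }
]')
jq -S 'select(.kind == "Service" and .metadata.name == "pachd").spec.ports = $PACHD_SERVICE_SPEC_PORTS' --argjson PACHD_SERVICE_SPEC_PORTS "$PACHD_SERVICE_SPEC_PORTS" < "$MAIN_OUTPUT_MANIFEST" | write_manifest

# change container port numbers
PACHD_DEPLOYMENT_CONTAINER_PORTS='[
  {
    "containerPort": 1650,
    "name": "api-grpc-port",
    "protocol": "TCP"
  },
  {
    "containerPort": 1651,
    "name": "trace-port"
  },
  {
    "containerPort": 1652,
    "name": "api-http-port",
    "protocol": "TCP"
  },
  {
    "containerPort": 1653,
    "name": "peer-port",
    "protocol": "TCP"
  },
  {
    "containerPort": 1999,
    "name": "api-git-port",
    "protocol": "TCP"
  },
  {
    "containerPort": 1654,
    "name": "saml-port",
    "protocol": "TCP"
  }
]'
jq -S 'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] |= (select(.name == "pachd").ports = $PACHD_DEPLOYMENT_CONTAINER_PORTS)' --argjson PACHD_DEPLOYMENT_CONTAINER_PORTS "$PACHD_DEPLOYMENT_CONTAINER_PORTS" < "$MAIN_OUTPUT_MANIFEST" | write_manifest

# add port env vars
PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS='[
  {
    "name": "PORT",
    "value": "1650"
  },
  {
    "name": "PPROF_PORT",
    "value": "1651"
  },
  {
    "name": "HTTP_PORT",
    "value": "1652"
  },
  {
    "name": "PEER_PORT",
    "value": "1653"
  },
  {
    "name": "PPS_WORKER_GRPC_PORT",
    "value": "1680"
  }
]'
jq -S 'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] |= (select(.name == "pachd").env += $PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS )' --argjson PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS "$PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS" < "$MAIN_OUTPUT_MANIFEST" | write_manifest

# tell pachd to generate Pipeline RC manifests that don't use root
DISABLE_ROOT_ENV_VAR='[{
  "name": "WORKER_USES_ROOT",
  "value": "false"
}]'
jq -S 'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] |= (select(.name == "pachd").env += $DISABLE_ROOT_ENV_VAR)' --argjson DISABLE_ROOT_ENV_VAR "$DISABLE_ROOT_ENV_VAR" < "$MAIN_OUTPUT_MANIFEST" | write_manifest

# remove PV
jq -S 'select(.kind != "PersistentVolume")' < "$MAIN_OUTPUT_MANIFEST" | write_manifest

# rename PVC
# ETCD_PV_NAME comes from the caller's environment and is passed with --arg,
# so jq treats it as a string value and never as part of the filter.
if [[ -z "${ETCD_PV_NAME:-}" ]]; then
  echo "Warning: ETCD_PV_NAME is not set; the PersistentVolumeClaim's volumeName will be written as an empty string" >&2
fi
jq -S 'select(.kind == "PersistentVolumeClaim").spec.volumeName=$ETCD_PV_NAME' --arg ETCD_PV_NAME "${ETCD_PV_NAME:-}" < "$MAIN_OUTPUT_MANIFEST" | write_manifest

# remove dash service
jq -S 'select(.kind != "Service" or .metadata.name != "dash")' < "$MAIN_OUTPUT_MANIFEST" | write_manifest

# remove dash deployment
jq -S 'select(.kind != "Deployment" or .metadata.name != "dash")' < "$MAIN_OUTPUT_MANIFEST" | write_manifest

# filter ClusterRole, ClusterRoleBinding, and ServiceAccount into admin_manifest.json
# These are the cluster-scoped RBAC objects; review what the ClusterRole grants
# before applying this file with an administrative account.
jq -S 'select(.kind == "ClusterRole" or .kind == "ClusterRoleBinding" or .kind == "ServiceAccount")' < "$MAIN_OUTPUT_MANIFEST" > "$ADMIN_OUTPUT_MANIFEST"
jq -S 'select(.kind != "ClusterRole" and .kind != "ClusterRoleBinding" and .kind != "ServiceAccount")' < "$MAIN_OUTPUT_MANIFEST" | write_manifest

set +x
echo
echo "Successfully converted manifests"
echo "Output to $MAIN_OUTPUT_MANIFEST and $ADMIN_OUTPUT_MANIFEST"
echo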