hbjydev/cluster.go Secret

## cluster.go
package symbiosis

import (
	"github.com/kuraudo-io/pulumi-symbiosis/sdk/go/symbiosis"
	"github.com/oun/pulumi-flux/sdk/go/flux"
	"github.com/pulumi/pulumi-github/sdk/v4/go/github"
	corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v3/go/kubernetes/core/v1"
	v1 "github.com/pulumi/pulumi-kubernetes/sdk/v3/go/kubernetes/meta/v1"
	k8syaml "github.com/pulumi/pulumi-kubernetes/sdk/v3/go/kubernetes/yaml"
	"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

type NodePool struct {
	Name  string
	Size  string
	Count int
}

type NewClusterArgs struct {
	Name  string
	Pools []NodePool
}

func NewCluster(ctx *pulumi.Context, args NewClusterArgs) error {
	c, err := symbiosis.NewCluster(ctx, args.Name, &symbiosis.ClusterArgs{
		KubeVersion: pulumi.String("latest"),
		Region:      pulumi.String("germany-1"),
	}, pulumi.Protect(true))
	if err != nil {
		return err
	}

	for _, pool := range args.Pools {
		err = NewNodePool(ctx, args, pool, c.Name)
		if err != nil {
			return err
		}
	}

	privkey, err := tls.NewPrivateKey(ctx, args.Name+"-flux-privkey", &tls.PrivateKeyArgs{
		Algorithm: pulumi.String("ED25519"),
	})
	if err != nil {
		return err
	}

	_, err = github.NewRepositoryDeployKey(ctx, args.Name+"-flux-depkey", &github.RepositoryDeployKeyArgs{
		Title:      pulumi.String("flux deploy key " + args.Name),
		Key:        privkey.PrivateKeyOpenssh,
		Repository: pulumi.String("gitops"),
		ReadOnly:   pulumi.Bool(true),
	})
	if err != nil {
		return err
	}

	targetPath := "clusters/" + args.Name

	fluxInstall, err := flux.GetFluxInstall(ctx, &flux.GetFluxInstallArgs{
		TargetPath: targetPath,
	})
	if err != nil {
		return err
	}

	fluxSync, err := flux.GetFluxSync(ctx, &flux.GetFluxSyncArgs{
		TargetPath: targetPath,
		Url:        "ssh://git@github.com/kuraudo-io/gitops.git",
	})
	if err != nil {
		return err
	}

	install, err := k8syaml.NewConfigGroup(ctx, args.Name+"-flux-install", &k8syaml.ConfigGroupArgs{
		YAML: []string{fluxInstall.Content},
	})
	if err != nil {
		return err
	}

	_, err = k8syaml.NewConfigGroup(ctx, args.Name+"-flux-sync", &k8syaml.ConfigGroupArgs{
		YAML: []string{fluxSync.Content},
	})
	if err != nil {
		return err
	}

	_, err = corev1.NewSecret(
		ctx,
		args.Name+"-flux-secret",
		&corev1.SecretArgs{
			Metadata: v1.ObjectMetaPtr(&v1.ObjectMetaArgs{
				Name:      pulumi.String(*fluxSync.Secret),
				Namespace: pulumi.String(*fluxSync.Namespace),
			}),
			StringData: pulumi.StringMap{
				"identity":     privkey.PrivateKeyPem,
				"identity.pub": privkey.PrivateKeyOpenssh,
				"known_hosts":  pulumi.String("github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="),
			},
		},
		pulumi.DependsOn([]pulumi.Resource{install}),
	)
	if err != nil {
		return err
	}

	_, err = github.NewRepositoryFile(ctx, args.Name+"-flux-install-file", &github.RepositoryFileArgs{
		Repository: pulumi.String("gitops"),
		File:       pulumi.String(fluxInstall.Path),
		Content:    pulumi.String(fluxInstall.Content),
	})
	if err != nil {
		return err
	}

	_, err = github.NewRepositoryFile(ctx, args.Name+"-flux-sync-file", &github.RepositoryFileArgs{
		Repository: pulumi.String("gitops"),
		File:       pulumi.String(fluxSync.Path),
		Content:    pulumi.String(fluxSync.Content),
	})
	if err != nil {
		return err
	}

	return nil
}

func NewNodePool(
	ctx *pulumi.Context,
	cluster NewClusterArgs,
	pool NodePool,
	clusterName pulumi.StringOutput,
) error {
	utmName := cluster.Name + "-" + pool.Name

	_, err := symbiosis.NewNodePool(ctx, utmName, &symbiosis.NodePoolArgs{
		Cluster:  clusterName,
		NodeType: pulumi.String(pool.Size),
		Quantity: pulumi.Int(pool.Count),
	}, pulumi.Protect(true))
	if err != nil {
		return err
	}
	return nil
}
	package symbiosis

	import (
	"github.com/kuraudo-io/pulumi-symbiosis/sdk/go/symbiosis"
	"github.com/oun/pulumi-flux/sdk/go/flux"
	"github.com/pulumi/pulumi-github/sdk/v4/go/github"
	corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v3/go/kubernetes/core/v1"
	v1 "github.com/pulumi/pulumi-kubernetes/sdk/v3/go/kubernetes/meta/v1"
	k8syaml "github.com/pulumi/pulumi-kubernetes/sdk/v3/go/kubernetes/yaml"
	"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	)

	type NodePool struct {
	Name string
	Size string
	Count int
	}

	type NewClusterArgs struct {
	Name string
	Pools []NodePool
	}

	func NewCluster(ctx *pulumi.Context, args NewClusterArgs) error {
	c, err := symbiosis.NewCluster(ctx, args.Name, &symbiosis.ClusterArgs{
	KubeVersion: pulumi.String("latest"),
	Region: pulumi.String("germany-1"),
	}, pulumi.Protect(true))
	if err != nil {
	return err
	}

	for _, pool := range args.Pools {
	err = NewNodePool(ctx, args, pool, c.Name)
	if err != nil {
	return err
	}
	}

	privkey, err := tls.NewPrivateKey(ctx, args.Name+"-flux-privkey", &tls.PrivateKeyArgs{
	Algorithm: pulumi.String("ED25519"),
	})
	if err != nil {
	return err
	}

	_, err = github.NewRepositoryDeployKey(ctx, args.Name+"-flux-depkey", &github.RepositoryDeployKeyArgs{
	Title: pulumi.String("flux deploy key " + args.Name),
	Key: privkey.PrivateKeyOpenssh,
	Repository: pulumi.String("gitops"),
	ReadOnly: pulumi.Bool(true),
	})
	if err != nil {
	return err
	}

	targetPath := "clusters/" + args.Name

	fluxInstall, err := flux.GetFluxInstall(ctx, &flux.GetFluxInstallArgs{
	TargetPath: targetPath,
	})
	if err != nil {
	return err
	}

	fluxSync, err := flux.GetFluxSync(ctx, &flux.GetFluxSyncArgs{
	TargetPath: targetPath,
	Url: "ssh://git@github.com/kuraudo-io/gitops.git",
	})
	if err != nil {
	return err
	}

	install, err := k8syaml.NewConfigGroup(ctx, args.Name+"-flux-install", &k8syaml.ConfigGroupArgs{
	YAML: []string{fluxInstall.Content},
	})
	if err != nil {
	return err
	}

	_, err = k8syaml.NewConfigGroup(ctx, args.Name+"-flux-sync", &k8syaml.ConfigGroupArgs{
	YAML: []string{fluxSync.Content},
	})
	if err != nil {
	return err
	}

	_, err = corev1.NewSecret(
	ctx,
	args.Name+"-flux-secret",
	&corev1.SecretArgs{
	Metadata: v1.ObjectMetaPtr(&v1.ObjectMetaArgs{
	Name: pulumi.String(*fluxSync.Secret),
	Namespace: pulumi.String(*fluxSync.Namespace),
	}),
	StringData: pulumi.StringMap{
	"identity": privkey.PrivateKeyPem,
	"identity.pub": privkey.PrivateKeyOpenssh,
	"known_hosts": pulumi.String("github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="),
	},
	},
	pulumi.DependsOn([]pulumi.Resource{install}),
	)
	if err != nil {
	return err
	}

	_, err = github.NewRepositoryFile(ctx, args.Name+"-flux-install-file", &github.RepositoryFileArgs{
	Repository: pulumi.String("gitops"),
	File: pulumi.String(fluxInstall.Path),
	Content: pulumi.String(fluxInstall.Content),
	})
	if err != nil {
	return err
	}

	_, err = github.NewRepositoryFile(ctx, args.Name+"-flux-sync-file", &github.RepositoryFileArgs{
	Repository: pulumi.String("gitops"),
	File: pulumi.String(fluxSync.Path),
	Content: pulumi.String(fluxSync.Content),
	})
	if err != nil {
	return err
	}

	return nil
	}

	func NewNodePool(
	ctx *pulumi.Context,
	cluster NewClusterArgs,
	pool NodePool,
	clusterName pulumi.StringOutput,
	) error {
	utmName := cluster.Name + "-" + pool.Name

	_, err := symbiosis.NewNodePool(ctx, utmName, &symbiosis.NodePoolArgs{
	Cluster: clusterName,
	NodeType: pulumi.String(pool.Size),
	Quantity: pulumi.Int(pool.Count),
	}, pulumi.Protect(true))
	if err != nil {
	return err
	}
	return nil
	}