4
0
Fork 2
mirror of https://gerrit.hackerspace.pl/hscloud synced 2025-01-20 15:13:53 +00:00
hscloud/cluster/clustercfg/cmd_gencerts.go
radex 274e70f557 cluster/clustercfg: add multi-cluster support
Change-Id: I01fa3c40ac00cfa022d438163ba9e2d3ef66ac72
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2090
Reviewed-by: q3k <q3k@hackerspace.pl>
2025-01-08 19:11:17 +00:00

77 lines
2.2 KiB
Go

package main
import (
"log"
"path/filepath"
"strings"
"github.com/spf13/cobra"
"code.hackerspace.pl/hscloud/cluster/clustercfg/certs"
"code.hackerspace.pl/hscloud/cluster/clustercfg/clusters"
"code.hackerspace.pl/hscloud/go/workspace"
)
var flagFQDNs []string
var gencertsCmd = &cobra.Command{
Use: "gencerts",
Short: "(re)generate keys/certs for a hscloud cluster",
Long: `
If you're adding a new cluster node, run this. It will populate the appropriate
certs/secrets folders with new certs/keys.
By default, the nodes to generate certificates for are automatically discovered
by querying the local Nix machines defined in //ops, looking for anything that
has hscloud.kube.controller.enabled. That can be slow and/or incorrect. To override
node names, set --fqdn (either comma-separate them or repeat flags).
`,
Run: func(cmd *cobra.Command, args []string) {
ws, err := workspace.Get()
if err != nil {
log.Fatalf("Could not figure out workspace: %v", err)
}
clusterName := flagCluster
cluster, ok := clusters.Clusters[clusterName]
if !ok {
log.Fatalf("Unknown cluster: %q", clusterName)
}
fqdns := flagFQDNs
if len(fqdns) == 0 {
log.Printf("--fqdn not set, figuring out machines from Nix...")
if clusterName != "k0" {
log.Fatalf("Only k0 cluster supported for automatic machine discovery.")
}
err = workspace.EvalHscloudNix(cmd.Context(), &fqdns, "ops.exports.kubeMachineNames")
if err != nil {
log.Fatalf("Could not figure out Kubernetes machine FQDNs: %v", err)
}
}
for _, fqdn := range fqdns {
parts := strings.Split(fqdn, ".")
if len(parts) != 3 || parts[1] != "hswaw" || parts[2] != "net" {
log.Fatalf("Invalid FQDN %q: must be xxx.hswaw.net.", fqdn)
}
}
log.Printf("Cluster: -c %s", clusterName)
log.Printf("Machines: --fqdn %s", strings.Join(fqdns, ","))
path := filepath.Join(ws, "cluster")
c := certs.Prepare(path, cluster, fqdns)
if err := c.Ensure(); err != nil {
log.Fatalf("Failed: %v", err)
}
log.Printf("Done.")
},
}
func init() {
gencertsCmd.Flags().StringSliceVar(&flagFQDNs, "fqdn", nil, "List of machine FQDNs to generate certs for. If not set, will be automatically figured out from Nix modules in local checkout (slow).")
rootCmd.AddCommand(gencertsCmd)
}