-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into TM-142-integrate-amazon-mq-with-helm
- Loading branch information
Showing
9 changed files
with
444 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
name: Build and push image | ||
name: Build and push image [DB Utils] | ||
|
||
on: | ||
push: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
name: Build and push image [Port Forward Pod] | ||
|
||
on: | ||
push: | ||
workflow_dispatch: | ||
|
||
env: | ||
IMAGE_NAME: hmpps-delius-alfresco-port-forward-pod | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: checkout code | ||
uses: actions/checkout@v4 | ||
- name: Log in to the Container registry | ||
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 | ||
with: | ||
images: ${{ env.IMAGE_NAME }} | ||
- name: Build and push Docker image | ||
if: github.ref == 'refs/heads/main' | ||
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 | ||
with: | ||
context: ./tools/port-forward/ | ||
push: true | ||
tags: ghcr.io/${{ github.repository_owner }}/${{ steps.meta.outputs.tags }}, ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest | ||
labels: ${{ steps.meta.outputs.labels }} | ||
- name: Build and push Docker image | ||
if: github.ref != 'refs/heads/main' | ||
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 | ||
with: | ||
context: ./tools/port-forward/ | ||
push: true | ||
tags: ghcr.io/${{ github.repository_owner }}/${{ steps.meta.outputs.tags }}, ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-${{ github.run_id }} | ||
labels: ${{ steps.meta.outputs.labels }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
FROM alpine:3 | ||
|
||
RUN apk add --update --no-cache socat \ | ||
&& rm -rf /var/cache/apk/ | ||
|
||
RUN addgroup -g 1001 -S appgroup && \ | ||
adduser -u 1001 -S appuser -G appgroup | ||
|
||
USER 1001 | ||
|
||
CMD ["sh", "-c", "socat tcp-listen:$LOCAL_PORT,reuseaddr,fork tcp:$REMOTE_HOST:$REMOTE_PORT & pid=$! && trap \"kill $pid\" SIGINT && echo \"Socat started listening on $LOCAL_PORT: Redirecting traffic to $REMOTE_HOST:$REMOTE_PORT ($pid)\" && wait $pid"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
# AMQ Connect Script | ||
|
||
This script provides a way to connect to the Amazon MQ (ActiveMQ) console within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments. | ||
|
||
## Usage | ||
|
||
```sh | ||
./amq-connect.sh <env> [local_port] | ||
``` | ||
|
||
- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`). | ||
- `local_port`: Optional. The local port for port forwarding. If not provided, the remote port will be used. | ||
|
||
## Features | ||
|
||
- Automatically determines the appropriate namespace based on the environment provided. | ||
- Retrieves the AMQ console URL from Kubernetes secrets. | ||
- Sets up port forwarding to allow local access to the AMQ console. | ||
|
||
## Environment Mapping | ||
|
||
The environment (`<env>`) parameter maps to Kubernetes namespaces as follows: | ||
|
||
- `poc` -> `hmpps-delius-alfrsco-poc` | ||
- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>` | ||
|
||
## Prerequisites | ||
|
||
- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster. | ||
- Ensure the `jq` utility is installed for JSON parsing. | ||
- Ensure OpenSSL is installed for generating random hex strings. | ||
- Ensure the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` is available and accessible. | ||
|
||
## Steps Performed by the Script | ||
|
||
1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`). | ||
2. Retrieve the ActiveMQ console URL from the Kubernetes secret `amazon-mq-broker-secret`. | ||
3. Extract the necessary details (protocol, host, and ports) from the URL. | ||
4. Generate a random hex string for unique identification. | ||
5. Create a pod for port forwarding using the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest`. | ||
6. Wait for the pod to become ready. | ||
7. Start port forwarding from the remote MQ console to the local machine. | ||
|
||
## Signals and Error Handling | ||
|
||
- The script traps signals for interruption (Ctrl+C) and errors, ensuring proper cleanup of the port-forwarding pod. | ||
- If the script fails at any step or is interrupted, it will delete the port-forward pod and exit gracefully. | ||
|
||
## Example | ||
|
||
```sh | ||
./amq-connect.sh dev 8080 | ||
``` | ||
|
||
This example connects to the `dev` environment and sets up port forwarding from the remote MQ console to local port `8080`. | ||
|
||
## Important Notes | ||
|
||
- The script assumes that the Kubernetes secret `amazon-mq-broker-secret` exists in the target namespace and contains the key `BROKER_CONSOLE_URL`. | ||
- Pressing Ctrl+C will terminate the port-forwarding session and clean up the pod created for this purpose. | ||
|
||
## Cleanup | ||
|
||
The script automatically deletes the created port-forward pod upon script termination or failure. Manual cleanup should not be necessary. | ||
|
||
## Troubleshooting | ||
|
||
- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace. | ||
- Ensure you have the necessary permissions to create and delete pods and retrieve secrets within the namespace. | ||
- Verify the `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` image is accessible and that your Kubernetes cluster can pull it. | ||
|
||
--- | ||
|
||
This script is useful for developers and engineers who need to access the ActiveMQ console in HMPPS Delius Alfresco environments securely and conveniently. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
#!/usr/bin/env bash | ||
|
||
# trap ctrl-c and call ctrl_c() | ||
trap ctrl_c INT | ||
# trap fail and call fail() | ||
trap fail ERR | ||
|
||
main() { | ||
env=$1 | ||
if [ "$env" == "poc" ]; then | ||
namespace="hmpps-delius-alfrsco-${env}" | ||
else | ||
namespace="hmpps-delius-alfresco-${env}" | ||
fi | ||
echo "Connecting to AMQ Console in namespace $namespace" | ||
|
||
# get amq connection url | ||
URL=$(kubectl get secrets amazon-mq-broker-secret --namespace ${namespace} -o json | jq -r ".data.BROKER_CONSOLE_URL | @base64d") | ||
# extract host and port | ||
HOST=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 1) | ||
# extract protocol | ||
PROTOCOL=$(echo $URL | awk -F'://' '{print $1}') | ||
# extract remote port | ||
REMOTE_PORT=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 2) | ||
# if custom local port not provided, use remote port | ||
if [ -z "$2" ]; then | ||
LOCAL_PORT=$REMOTE_PORT | ||
else | ||
LOCAL_PORT=$2 | ||
fi | ||
# generate random hex string | ||
RANDOM_HEX=$(openssl rand -hex 4) | ||
# start port forwarding | ||
kubectl run port-forward-pod-${RANDOM_HEX} --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT} --env="REMOTE_HOST=$HOST" --env="LOCAL_PORT=$LOCAL_PORT" --env="REMOTE_PORT=$REMOTE_PORT" --namespace ${namespace}; | ||
# wait for pod to start | ||
kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX} --timeout=30s --namespace ${namespace} | ||
printf "\nPort forwarding started, connecting to $HOST:$REMOTE_PORT \n" | ||
printf "\n****************************************************\n" | ||
printf "Connect to ${PROTOCOL}://localhost:$LOCAL_PORT locally\n" | ||
printf "Press Ctrl+C to stop port forwarding \n" | ||
printf "****************************************************\n\n" | ||
# start the local port forwarding session | ||
kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX} $LOCAL_PORT:$LOCAL_PORT; | ||
} | ||
|
||
fail() { | ||
printf "\n\nPort forwarding failed" | ||
kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace} | ||
exit 1 | ||
} | ||
ctrl_c() { | ||
printf "\n\nStopping port forwarding" | ||
kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace} | ||
exit 0 | ||
} | ||
|
||
if [ -z "$1" ]; then | ||
echo "env not provided" | ||
echo "Usage: amq-connect.sh <env>" | ||
exit 1 | ||
fi | ||
main $1 $2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
# Opensearch Connect Script | ||
|
||
This script provides a convenient way to connect to the Opensearch service within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments. | ||
|
||
## Usage | ||
|
||
```sh | ||
./opensearch-connect.sh <env> [local_port] | ||
``` | ||
|
||
- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`). | ||
- `local_port`: Optional. The local port for port forwarding (defaults to `8080` if not specified). | ||
|
||
## Features | ||
|
||
- Automatically determines the appropriate namespace based on the environment provided. | ||
- Identifies the pod running the Opensearch proxy within the namespace. | ||
- Sets up port forwarding to allow local access to the Opensearch service. | ||
|
||
## Environment Mapping | ||
|
||
The environment (`<env>`) parameter maps to Kubernetes namespaces as follows: | ||
|
||
- `poc` -> `hmpps-delius-alfrsco-poc` | ||
- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>` | ||
|
||
## Prerequisites | ||
|
||
- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster. | ||
|
||
## Steps Performed by the Script | ||
|
||
1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`). | ||
2. Identify the Opensearch proxy pod running in the target namespace. | ||
3. Set up port forwarding from the specified or default local port (`8080`) to the Opensearch service. | ||
|
||
## Signals and Error Handling | ||
|
||
- The script traps signals for interruption (Ctrl+C) and errors, ensuring graceful exit. | ||
- If the script fails at any step or is interrupted, it will terminate the port-forwarding session and exit gracefully. | ||
|
||
## Example | ||
|
||
```sh | ||
./opensearch-connect.sh dev 9090 | ||
``` | ||
|
||
This example connects to the `dev` environment and sets up port forwarding from the remote Opensearch service to local port `9090`. | ||
|
||
## Important Notes | ||
|
||
- The script assumes that the target namespace contains a pod with the name containing `opensearch-proxy-cloud-platform`. | ||
- Pressing Ctrl+C will terminate the port-forwarding session. | ||
|
||
## Cleanup | ||
|
||
The script does not create any resources that require manual cleanup. The local port forwarding session will terminate upon script exit. | ||
|
||
## Troubleshooting | ||
|
||
- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace. | ||
- Ensure you have the necessary permissions to retrieve pods within the namespace. | ||
|
||
--- | ||
|
||
This script is useful for developers and engineers who need to access the Opensearch service in HMPPS Delius Alfresco environments securely and conveniently. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
#!/usr/bin/env bash | ||
|
||
# trap ctrl-c and call ctrl_c() | ||
trap ctrl_c INT | ||
# trap fail and call fail() | ||
trap fail ERR | ||
|
||
main() { | ||
env=$1 | ||
|
||
if [ "$env" == "poc" ]; then | ||
namespace="hmpps-delius-alfrsco-${env}" | ||
else | ||
namespace="hmpps-delius-alfresco-${env}" | ||
fi | ||
echo "Connecting to Opensearch in namespace $namespace" | ||
|
||
if [ -z "$2" ]; then | ||
PORT=8080 | ||
else | ||
PORT=$2 | ||
fi | ||
|
||
# get opensearch proxy pod name | ||
OPENSEARCH_PROXY_POD=$(kubectl get pods | grep 'opensearch-proxy-cloud-platform' | awk '{print $1}') | ||
printf "\n****************************************************\n" | ||
printf "Connect to http://localhost:$PORT locally\n" | ||
printf "Press Ctrl+C to stop port forwarding \n" | ||
printf "****************************************************\n\n" | ||
# start the local port forwarding session | ||
kubectl port-forward $OPENSEARCH_PROXY_POD $PORT:8080 --namespace ${namespace} | ||
} | ||
|
||
fail() { | ||
printf "\n\nPort forwarding failed" | ||
exit 1 | ||
} | ||
ctrl_c() { | ||
printf "\n\nStopping port forwarding" | ||
exit 0 | ||
} | ||
|
||
if [ -z "$1" ]; then | ||
echo "env not provided" | ||
echo "Usage: opensearch-connect.sh <env>" | ||
exit 1 | ||
fi | ||
main $1 $2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
# RDS Connect Script | ||
|
||
This script provides a convenient way to connect to an RDS (Relational Database Service) instance within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments. | ||
|
||
## Usage | ||
|
||
```sh | ||
./rds-connect.sh <env> [local_port] | ||
``` | ||
|
||
- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`). | ||
- `local_port`: Optional. The local port for port forwarding (defaults to the remote port if not specified). | ||
|
||
## Features | ||
|
||
- Automatically determines the appropriate namespace based on the environment provided. | ||
- Retrieves the RDS JDBC URL from Kubernetes secrets. | ||
- Sets up port forwarding to allow local access to the RDS instance. | ||
|
||
## Environment Mapping | ||
|
||
The environment (`<env>`) parameter maps to Kubernetes namespaces as follows: | ||
|
||
- `poc` -> `hmpps-delius-alfrsco-poc` | ||
- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>` | ||
|
||
## Prerequisites | ||
|
||
- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster. | ||
- Ensure the `jq` utility is installed for JSON parsing. | ||
- Ensure OpenSSL is installed for generating random hex strings. | ||
- Ensure the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` is available and accessible. | ||
|
||
## Steps Performed by the Script | ||
|
||
1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`). | ||
2. Retrieve the RDS JDBC URL from the Kubernetes secret `rds-instance-output`. | ||
3. Extract the necessary details (protocol, host, ports, and database name) from the URL. | ||
4. Generate a random hex string for unique identification. | ||
5. Create a pod for port forwarding using the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest`. | ||
6. Wait for the pod to become ready. | ||
7. Start port forwarding from the remote RDS instance to the local machine. | ||
|
||
## Signals and Error Handling | ||
|
||
- The script traps signals for interruption (Ctrl+C) and errors, ensuring proper cleanup of the port-forwarding pod. | ||
- If the script fails at any step or is interrupted, it will delete the port-forward pod and exit gracefully. | ||
|
||
## Example | ||
|
||
```sh | ||
./rds-connect.sh dev 5432 | ||
``` | ||
|
||
This example connects to the `dev` environment and sets up port forwarding from the remote RDS instance to local port `5432`. | ||
|
||
## Important Notes | ||
|
||
- The script assumes that the Kubernetes secret `rds-instance-output` exists in the target namespace and contains the key `RDS_JDBC_URL`. | ||
- Pressing Ctrl+C will terminate the port-forwarding session and clean up the pod created for this purpose. | ||
|
||
## Cleanup | ||
|
||
The script automatically deletes the created port-forward pod upon script termination or failure. Manual cleanup should not be necessary. | ||
|
||
## Troubleshooting | ||
|
||
- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace. | ||
- Ensure you have the necessary permissions to create and delete pods and retrieve secrets within the namespace. | ||
- Verify the `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` image is accessible and that your Kubernetes cluster can pull it. | ||
|
||
--- | ||
|
||
This script is useful for developers and engineers who need to access the RDS instance in HMPPS Delius Alfresco environments securely and conveniently. |
Oops, something went wrong.