Skip to content

Commit

Permalink
Merge branch 'main' into TM-142-integrate-amazon-mq-with-helm
Browse files Browse the repository at this point in the history
  • Loading branch information
georgepstaylor committed Sep 3, 2024
2 parents c511d7b + 7457f4e commit 9c67be5
Show file tree
Hide file tree
Showing 9 changed files with 444 additions and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/build-push-db-utils.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Build and push image
name: Build and push image [DB Utils]

on:
push:
Expand Down
42 changes: 42 additions & 0 deletions .github/workflows/build-push-pf-pod.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
name: Build and push image [Port Forward Pod]

on:
push:
workflow_dispatch:

env:
IMAGE_NAME: hmpps-delius-alfresco-port-forward-pod

jobs:
build:
runs-on: ubuntu-latest
steps:
- name: checkout code
uses: actions/checkout@v4
- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
with:
images: ${{ env.IMAGE_NAME }}
- name: Build and push Docker image
if: github.ref == 'refs/heads/main'
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445
with:
context: ./tools/port-forward/
push: true
tags: ghcr.io/${{ github.repository_owner }}/${{ steps.meta.outputs.tags }}, ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push Docker image
if: github.ref != 'refs/heads/main'
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445
with:
context: ./tools/port-forward/
push: true
tags: ghcr.io/${{ github.repository_owner }}/${{ steps.meta.outputs.tags }}, ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-${{ github.run_id }}
labels: ${{ steps.meta.outputs.labels }}
11 changes: 11 additions & 0 deletions tools/port-forward/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
FROM alpine:3

RUN apk add --update --no-cache socat \
&& rm -rf /var/cache/apk/

RUN addgroup -g 1001 -S appgroup && \
adduser -u 1001 -S appuser -G appgroup

USER 1001

CMD ["sh", "-c", "socat tcp-listen:$LOCAL_PORT,reuseaddr,fork tcp:$REMOTE_HOST:$REMOTE_PORT & pid=$! && trap \"kill $pid\" SIGINT && echo \"Socat started listening on $LOCAL_PORT: Redirecting traffic to $REMOTE_HOST:$REMOTE_PORT ($pid)\" && wait $pid"]
74 changes: 74 additions & 0 deletions tools/scripts/amq-connect.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# AMQ Connect Script

This script provides a way to connect to the Amazon MQ (ActiveMQ) console within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments.

## Usage

```sh
./amq-connect.sh <env> [local_port]
```

- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`).
- `local_port`: Optional. The local port for port forwarding. If not provided, the remote port will be used.

## Features

- Automatically determines the appropriate namespace based on the environment provided.
- Retrieves the AMQ console URL from Kubernetes secrets.
- Sets up port forwarding to allow local access to the AMQ console.

## Environment Mapping

The environment (`<env>`) parameter maps to Kubernetes namespaces as follows:

- `poc` -> `hmpps-delius-alfrsco-poc`
- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>`

## Prerequisites

- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster.
- Ensure the `jq` utility is installed for JSON parsing.
- Ensure OpenSSL is installed for generating random hex strings.
- Ensure the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` is available and accessible.

## Steps Performed by the Script

1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`).
2. Retrieve the ActiveMQ console URL from the Kubernetes secret `amazon-mq-broker-secret`.
3. Extract the necessary details (protocol, host, and ports) from the URL.
4. Generate a random hex string for unique identification.
5. Create a pod for port forwarding using the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest`.
6. Wait for the pod to become ready.
7. Start port forwarding from the remote MQ console to the local machine.

## Signals and Error Handling

- The script traps signals for interruption (Ctrl+C) and errors, ensuring proper cleanup of the port-forwarding pod.
- If the script fails at any step or is interrupted, it will delete the port-forward pod and exit gracefully.

## Example

```sh
./amq-connect.sh dev 8080
```

This example connects to the `dev` environment and sets up port forwarding from the remote MQ console to local port `8080`.

## Important Notes

- The script assumes that the Kubernetes secret `amazon-mq-broker-secret` exists in the target namespace and contains the key `BROKER_CONSOLE_URL`.
- Pressing Ctrl+C will terminate the port-forwarding session and clean up the pod created for this purpose.

## Cleanup

The script automatically deletes the created port-forward pod upon script termination or failure. Manual cleanup should not be necessary.

## Troubleshooting

- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace.
- Ensure you have the necessary permissions to create and delete pods and retrieve secrets within the namespace.
- Verify the `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` image is accessible and that your Kubernetes cluster can pull it.

---

This script is useful for developers and engineers who need to access the ActiveMQ console in HMPPS Delius Alfresco environments securely and conveniently.
62 changes: 62 additions & 0 deletions tools/scripts/amq-connect.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
#!/usr/bin/env bash

# trap ctrl-c and call ctrl_c()
trap ctrl_c INT
# trap fail and call fail()
trap fail ERR

main() {
env=$1
if [ "$env" == "poc" ]; then
namespace="hmpps-delius-alfrsco-${env}"
else
namespace="hmpps-delius-alfresco-${env}"
fi
echo "Connecting to AMQ Console in namespace $namespace"

# get amq connection url
URL=$(kubectl get secrets amazon-mq-broker-secret --namespace ${namespace} -o json | jq -r ".data.BROKER_CONSOLE_URL | @base64d")
# extract host and port
HOST=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 1)
# extract protocol
PROTOCOL=$(echo $URL | awk -F'://' '{print $1}')
# extract remote port
REMOTE_PORT=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 2)
# if custom local port not provided, use remote port
if [ -z "$2" ]; then
LOCAL_PORT=$REMOTE_PORT
else
LOCAL_PORT=$2
fi
# generate random hex string
RANDOM_HEX=$(openssl rand -hex 4)
# start port forwarding
kubectl run port-forward-pod-${RANDOM_HEX} --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT} --env="REMOTE_HOST=$HOST" --env="LOCAL_PORT=$LOCAL_PORT" --env="REMOTE_PORT=$REMOTE_PORT" --namespace ${namespace};
# wait for pod to start
kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX} --timeout=30s --namespace ${namespace}
printf "\nPort forwarding started, connecting to $HOST:$REMOTE_PORT \n"
printf "\n****************************************************\n"
printf "Connect to ${PROTOCOL}://localhost:$LOCAL_PORT locally\n"
printf "Press Ctrl+C to stop port forwarding \n"
printf "****************************************************\n\n"
# start the local port forwarding session
kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX} $LOCAL_PORT:$LOCAL_PORT;
}

fail() {
printf "\n\nPort forwarding failed"
kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace}
exit 1
}
ctrl_c() {
printf "\n\nStopping port forwarding"
kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace}
exit 0
}

if [ -z "$1" ]; then
echo "env not provided"
echo "Usage: amq-connect.sh <env>"
exit 1
fi
main $1 $2
66 changes: 66 additions & 0 deletions tools/scripts/opensearch-connect.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# Opensearch Connect Script

This script provides a convenient way to connect to the Opensearch service within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments.

## Usage

```sh
./opensearch-connect.sh <env> [local_port]
```

- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`).
- `local_port`: Optional. The local port for port forwarding (defaults to `8080` if not specified).

## Features

- Automatically determines the appropriate namespace based on the environment provided.
- Identifies the pod running the Opensearch proxy within the namespace.
- Sets up port forwarding to allow local access to the Opensearch service.

## Environment Mapping

The environment (`<env>`) parameter maps to Kubernetes namespaces as follows:

- `poc` -> `hmpps-delius-alfrsco-poc`
- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>`

## Prerequisites

- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster.

## Steps Performed by the Script

1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`).
2. Identify the Opensearch proxy pod running in the target namespace.
3. Set up port forwarding from the specified or default local port (`8080`) to the Opensearch service.

## Signals and Error Handling

- The script traps signals for interruption (Ctrl+C) and errors, ensuring graceful exit.
- If the script fails at any step or is interrupted, it will terminate the port-forwarding session and exit gracefully.

## Example

```sh
./opensearch-connect.sh dev 9090
```

This example connects to the `dev` environment and sets up port forwarding from the remote Opensearch service to local port `9090`.

## Important Notes

- The script assumes that the target namespace contains a pod with the name containing `opensearch-proxy-cloud-platform`.
- Pressing Ctrl+C will terminate the port-forwarding session.

## Cleanup

The script does not create any resources that require manual cleanup. The local port forwarding session will terminate upon script exit.

## Troubleshooting

- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace.
- Ensure you have the necessary permissions to retrieve pods within the namespace.

---

This script is useful for developers and engineers who need to access the Opensearch service in HMPPS Delius Alfresco environments securely and conveniently.
48 changes: 48 additions & 0 deletions tools/scripts/opensearch-connect.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
#!/usr/bin/env bash

# trap ctrl-c and call ctrl_c()
trap ctrl_c INT
# trap fail and call fail()
trap fail ERR

main() {
env=$1

if [ "$env" == "poc" ]; then
namespace="hmpps-delius-alfrsco-${env}"
else
namespace="hmpps-delius-alfresco-${env}"
fi
echo "Connecting to Opensearch in namespace $namespace"

if [ -z "$2" ]; then
PORT=8080
else
PORT=$2
fi

# get opensearch proxy pod name
OPENSEARCH_PROXY_POD=$(kubectl get pods | grep 'opensearch-proxy-cloud-platform' | awk '{print $1}')
printf "\n****************************************************\n"
printf "Connect to http://localhost:$PORT locally\n"
printf "Press Ctrl+C to stop port forwarding \n"
printf "****************************************************\n\n"
# start the local port forwarding session
kubectl port-forward $OPENSEARCH_PROXY_POD $PORT:8080 --namespace ${namespace}
}

fail() {
printf "\n\nPort forwarding failed"
exit 1
}
ctrl_c() {
printf "\n\nStopping port forwarding"
exit 0
}

if [ -z "$1" ]; then
echo "env not provided"
echo "Usage: opensearch-connect.sh <env>"
exit 1
fi
main $1 $2
74 changes: 74 additions & 0 deletions tools/scripts/rds-connect.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# RDS Connect Script

This script provides a convenient way to connect to an RDS (Relational Database Service) instance within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments.

## Usage

```sh
./rds-connect.sh <env> [local_port]
```

- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`).
- `local_port`: Optional. The local port for port forwarding (defaults to the remote port if not specified).

## Features

- Automatically determines the appropriate namespace based on the environment provided.
- Retrieves the RDS JDBC URL from Kubernetes secrets.
- Sets up port forwarding to allow local access to the RDS instance.

## Environment Mapping

The environment (`<env>`) parameter maps to Kubernetes namespaces as follows:

- `poc` -> `hmpps-delius-alfrsco-poc`
- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>`

## Prerequisites

- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster.
- Ensure the `jq` utility is installed for JSON parsing.
- Ensure OpenSSL is installed for generating random hex strings.
- Ensure the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` is available and accessible.

## Steps Performed by the Script

1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`).
2. Retrieve the RDS JDBC URL from the Kubernetes secret `rds-instance-output`.
3. Extract the necessary details (protocol, host, ports, and database name) from the URL.
4. Generate a random hex string for unique identification.
5. Create a pod for port forwarding using the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest`.
6. Wait for the pod to become ready.
7. Start port forwarding from the remote RDS instance to the local machine.

## Signals and Error Handling

- The script traps signals for interruption (Ctrl+C) and errors, ensuring proper cleanup of the port-forwarding pod.
- If the script fails at any step or is interrupted, it will delete the port-forward pod and exit gracefully.

## Example

```sh
./rds-connect.sh dev 5432
```

This example connects to the `dev` environment and sets up port forwarding from the remote RDS instance to local port `5432`.

## Important Notes

- The script assumes that the Kubernetes secret `rds-instance-output` exists in the target namespace and contains the key `RDS_JDBC_URL`.
- Pressing Ctrl+C will terminate the port-forwarding session and clean up the pod created for this purpose.

## Cleanup

The script automatically deletes the created port-forward pod upon script termination or failure. Manual cleanup should not be necessary.

## Troubleshooting

- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace.
- Ensure you have the necessary permissions to create and delete pods and retrieve secrets within the namespace.
- Verify the `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` image is accessible and that your Kubernetes cluster can pull it.

---

This script is useful for developers and engineers who need to access the RDS instance in HMPPS Delius Alfresco environments securely and conveniently.
Loading

0 comments on commit 9c67be5

Please sign in to comment.