Merge pull request #593 from deric/slop

Rewrite command line arguments parsing

Author: chelnak

tooling/Dockerfile

@@ -10,14 +10,15 @@ RUN set -x && \
   git clone https://github.com/cloudflare/cfssl_trust.git /go/src/github.com/cloudflare/cfssl_trust && \
   echo "Build complete."
 
-FROM ruby:2.3.5-alpine
+FROM ruby:3.0-alpine3.16
 COPY --from=0 /go/src/github.com/cloudflare/cfssl_trust /etc/cfssl
 COPY --from=0 /go/src/github.com/cloudflare/cfssl/bin/ /usr/bin
+RUN gem install slop
 COPY . /etc/k8s
 
 RUN set -x && \
   apk --no-cache add git openssl
 
 WORKDIR /mnt
 
-ENTRYPOINT ["sh", "-c", "/etc/k8s/start-kubetool.sh"]
+ENTRYPOINT ["ruby", "/etc/k8s/kube_tool.rb"]

tooling/kube_tool.rb

@@ -1,88 +1,64 @@
 #!/usr/bin/env ruby
 
-require 'optparse'
+require 'slop'
 require_relative 'kube_tool/pre_checks.rb'
 require_relative 'kube_tool/create_certs.rb'
 require_relative 'kube_tool/clean_up.rb'
 require_relative 'kube_tool/other_params.rb'
 
-options = {:os                         => nil,
-           :version                    => nil,
-           :container_runtime          => nil,
-           :cni_provider               => nil,
-           :cni_provider_version       => nil,
-           :etcd_initial_cluster       => nil,
-           :kube_api_advertise_address => nil,
-           :install_dashboard          => nil,
-           :key_size                   => nil,
-          }
-
-parser = OptionParser.new do|opts|
-
-  opts.on('-o', '--os-type os-type', 'the os that kubernetes will run on') do |os|
-    options[:os] = os;
-  end
-
-  opts.on('-v', '--version version', 'the kubernetes version to install') do |version|
-    options[:version] = version;
-  end
-
-  opts.on('-r', '--container_runtime container runtime', 'the container runtime to use. this can only be docker or cri_containerd') do |container_runtime|
-    options[:container_runtime] = container_runtime;
-  end
-
-  opts.on('-c', '--cni-provider cni-provider', 'the networking provider to use, flannel, weave, calico or cilium are supported') do |cni_provider|
-    options[:cni_provider] = cni_provider;
-  end
-  opts.on('-p', '--cni-provider-version [cni_provider_version]', 'the networking provider version to use, calico and cilium will use this to reference the correct deployment download link') do |cni_provider_version|
-    options[:cni_provider_version] = cni_provider_version;
-  end
-
-  opts.on('-i', '--etcd-initial-cluster etcd-initial-cluster', 'the list of servers in the etcd cluster') do | etcd_initial_cluster |
-    options[:etcd_initial_cluster] = etcd_initial_cluster
-  end
-
-  opts.on('-t', '--etcd-ip etcd_ip', 'ip address etcd will listen on') do |etcd_ip|
-    options[:etcd_ip] = etcd_ip;
-  end
-
-  opts.on('-a', '--api-address api_address', 'the ip address that kube api will listen on') do |api_address|
-    options[:kube_api_advertise_address] = api_address;
-  end
-
-  opts.on('-b', '--key-size key_size', 'Specifies the number of bits in the key to create') do |key_size|
-    options[:key_size] = key_size
-  end
-
-  opts.on('-d', '--install-dashboard dashboard', 'install the kube dashboard') do |dashboard|
-    options[:install_dashboard] = dashboard;
-  end
-
-  opts.on('-h', '--help', 'Displays Help') do
-    puts opts
-    exit
+class Kube_tool
+  def self.parse_args
+    begin
+      opts = Slop.parse do |o|
+        o.string '-o', '--os', 'The OS that Kubernetes will run on', default: ENV['OS']
+        o.string '-v', '--version', 'The Kubernetes version to install', default: ENV['VERSION']
+        o.string '-r', '--container_runtime', 'The container runtime to use. This can only be "docker" or "cri_containerd"', default: ENV['CONTAINER_RUNTIME']
+        o.string '-c', '--cni_provider', 'The networking provider to use, flannel, weave, calico, calico-tigera or cilium are supported', default: ENV['CNI_PROVIDER']
+        o.string '-p', '--cni_provider_version', 'The networking provider version to use, calico and cilium will use this to reference the correct deployment download link', default: ENV['CNI_PROVIDER_VERSION']
+        o.string '-t', '--etcd_ip', 'The IP address etcd will listen on', default: ENV['ETCD_IP']
+        o.string '-i', '--etcd_initial_cluster', 'The list of servers in the etcd cluster', default: ENV['ETCD_INITIAL_CLUSTER']
+        o.string '-a', '--api_address', 'The IP address (or fact) that kube api will listen on', default: ENV['KUBE_API_ADVERTISE_ADDRESS']
+        o.int '-b', '--key_size', 'Specifies the number of bits in the key to create', default: ENV['KEY_SIZE'].to_i
+        o.int '--ca_algo', 'Algorithm to generate CA certificates, default: ecdsa', default: ENV['CA_ALGO']
+        o.int '--sa_size', 'Service account key size', default: ENV['SA_SIZE'].to_i
+        o.bool '-d', '--install_dashboard', 'Whether install the kube dashboard', default: ENV['INSTALL_DASHBOARD']
+        o.on '-h','--help', 'print the help' do
+          puts o
+          exit
+        end
+      end
+
+      options = opts.to_hash
+      options[:key_size] = 256 if options[:key_size] < 1
+      options[:sa_size] = 2048 if options[:sa_size] < 1
+      options[:ca_algo] ||= 'ecdsa'
+      options[:container_runtime] ||= 'cri_containerd'
+      options[:version] ||= '1.25.4'
+      options[:os] ||= 'Debian'
+      if options[:etcd_initial_cluster].nil?
+        abort('Please provide IP addresses for etcd initial cluster -i/--etcd_initial_cluster (ENV ETCD_INITIAL_CLUSTER)')
+      end
+      puts options
+      return options
+
+    rescue Slop::Error => e
+      puts "ERROR: #{e.message}"
+      exit 1
+    end
   end
-end
-
-parser.parse!
-
 
-class Kube_tool
-  def build_hiera(hash)
-    key_size = hash[:key_size].to_i
-    OtherParams.create( hash[:os], hash[:version], hash[:container_runtime], hash[:cni_provider], hash[:cni_provider_version], hash[:etcd_initial_cluster], hash[:etcd_ip], hash[:kube_api_advertise_address], hash[:install_dashboard])
+  def self.build_hiera(opts)
+    OtherParams.create(opts)
     PreChecks.checks
-    CreateCerts.etcd_ca(key_size)
-    CreateCerts.etcd_clients(key_size)
-    CreateCerts.etcd_certificates(hash[:etcd_initial_cluster], key_size)
-    CreateCerts.kube_ca(key_size)
-    CreateCerts.kube_front_proxy_ca(key_size)
-    CreateCerts.sa(key_size)
+    certs = CreateCerts.new(opts)
+    certs.etcd_ca
+    certs.etcd_clients
+    certs.etcd_certificates
+    certs.kube_ca
+    certs.kube_front_proxy_ca
+    certs.sa
     CleanUp.remove_files
-    CleanUp.clean_yaml(hash[:os])
+    CleanUp.clean_yaml(opts[:os])
   end
 end
-
-generate = Kube_tool.new
-
-generate.build_hiera(options)
+Kube_tool.build_hiera(Kube_tool.parse_args)

tooling/kube_tool/clean_up.rb

@@ -1,7 +1,15 @@
 require 'fileutils'
 
 class CleanUp
-  def CleanUp.remove_files
+  def self.all(files)
+    files.each do |x|
+      if File.exist?(x)
+        FileUtils.rm_f(x)
+      end
+    end
+  end
+
+  def self.remove_files
     puts "Cleaning up files"
     FileUtils.rm Dir.glob('*.csr')
     FileUtils.rm Dir.glob('*.json')
@@ -10,7 +18,7 @@ def CleanUp.remove_files
     FileUtils.rm('discovery_token_hash')
   end
 
-  def CleanUp.clean_yaml(os)
+  def self.clean_yaml(os)
     os = os.capitalize
     puts "Cleaning up yaml"
     File.write("kubernetes.yaml",File.open("kubernetes.yaml",&:read).gsub(/^---$/,""))

tooling/kube_tool/create_certs.rb

@@ -2,19 +2,18 @@
 require 'openssl'
 require 'json'
 require 'base64'
-
-#TODO fix repeatitive code after inital internal release
+require_relative 'clean_up.rb'
 
 class CreateCerts
-  def CreateCerts.etcd_ca(key_size)
+
+  def initialize(opts)
+    @opts = opts
+  end
+
+  def etcd_ca
     puts "Creating etcd ca"
-    files = ['ca-conf.json', 'ca-csr.json', 'ca-key.pem', 'ca-key.pem']
-    files.each do |x|
-      if File.exist?(x)
-        FileUtils.rm_f(x)
-      end
-    end
-    csr = { "CN": "etcd", "key": {"algo": "rsa", "size": key_size }}
+    CleanUp.all(['ca-conf.json', 'ca-csr.json', 'ca-key.pem', 'ca-key.pem'])
+    csr = { "CN": "etcd", "key": {"algo": @opts[:ca_algo], "size": @opts[:key_size] }}
     conf = { "signing": { "default": { "expiry": "43800h" }, "profiles": { "server": { "expiry": "43800h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] }, "client": { "expiry": "43800h", "usages": [ "signing", "key encipherment", "client auth" ] }, "peer": { "expiry": "43800h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] } } } }
     File.open("ca-csr.json", "w+") { |file| file.write(csr.to_json) }
     File.open("ca-conf.json", "w+") { |file| file.write(conf.to_json) }
@@ -28,9 +27,9 @@ def CreateCerts.etcd_ca(key_size)
     File.open("kubernetes.yaml", "a") { |file| file.write(data.to_yaml) }
   end
 
-  def CreateCerts.etcd_clients(key_size)
+  def etcd_clients
     puts "Creating etcd client certs"
-    csr = { "CN": "client", "hosts": [""], "key": { "algo": "rsa", "size": key_size } }
+    csr = { "CN": "client", "hosts": [""], "key": { "algo": @opts[:ca_algo], "size": @opts[:key_size] } }
     File.open("kube-etcd-csr.json", "w+") { |file| file.write(csr.to_json) }
     system("cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-conf.json -profile client kube-etcd-csr.json | cfssljson -bare client")
     FileUtils.rm_f('kube-etcd-csr.csr')
@@ -42,8 +41,8 @@ def CreateCerts.etcd_clients(key_size)
     File.open("kubernetes.yaml", "a") { |file| file.write(data.to_yaml) }
   end
 
-  def CreateCerts.etcd_certificates(etcd_initial_cluster, key_size)
-    etcd_servers = etcd_initial_cluster.split(",")
+  def etcd_certificates
+    etcd_servers = @opts[:etcd_initial_cluster].split(",")
     etcd_server_ips = []
     etcd_servers.each do | servers |
       server = servers.split(":")
@@ -58,7 +57,7 @@ def CreateCerts.etcd_certificates(etcd_initial_cluster, key_size)
         FileUtils.rm_f("#{hostname}.yaml")
       end
         puts "Creating etcd peer and server certificates"
-        csr = { "CN": "etcd-#{hostname}", "hosts": etcd_server_ips, "key": { "algo": "rsa", "size": key_size }}
+        csr = { "CN": "etcd-#{hostname}", "hosts": etcd_server_ips, "key": { "algo": @opts[:ca_algo], "size": @opts[:key_size] }}
         File.open("config.json", "w+") { |file| file.write(csr.to_json) }
         system("cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-conf.json -profile server --hostname=#{etcd_server_ips * ","},#{hostname} config.json | cfssljson -bare #{hostname}-server")
         system("cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-conf.json -profile peer --hostname=#{ip},#{hostname} config.json | cfssljson -bare #{hostname}-peer")
@@ -81,15 +80,10 @@ def CreateCerts.etcd_certificates(etcd_initial_cluster, key_size)
     end
   end
 
-  def CreateCerts.kube_ca(key_size)
+  def kube_ca
     puts "Creating kube ca"
-    files = ['ca-conf.json', 'ca-csr.json', 'ca-key.pem', 'ca-key.pem']
-    files.each do |x|
-      if File.exist?(x)
-        FileUtils.rm_f(x)
-      end
-    end
-    csr = { "CN": "kubernetes", "key": {"algo": "rsa", "size": key_size }}
+    CleanUp.all(['ca-conf.json', 'ca-csr.json', 'ca-key.pem', 'ca-key.pem'])
+    csr = { "CN": "kubernetes", "key": {"algo": @opts[:ca_algo], "size": @opts[:key_size] }}
     conf = { "signing": { "default": { "expiry": "43800h" }, "profiles": { "server": { "expiry": "43800h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] }, "client": { "expiry": "43800h", "usages": [ "signing", "key encipherment", "client auth" ] }, "peer": { "expiry": "43800h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] } } } }
     File.open("ca-csr.json", "w+") { |file| file.write(csr.to_json) }
     File.open("ca-conf.json", "w+") { |file| file.write(conf.to_json) }
@@ -107,15 +101,10 @@ def CreateCerts.kube_ca(key_size)
     File.open("kubernetes.yaml", "a") { |file| file.write(data.to_yaml) }
   end
 
-  def CreateCerts.kube_front_proxy_ca(key_size)
+  def kube_front_proxy_ca
     puts "Creating kube front-proxy ca"
-    files = ['front-proxy-ca-conf.json', 'front-proxy-ca-csr.json', 'front-proxy-ca-key.pem', 'front-proxy-ca-key.pem']
-    files.each do |x|
-      if File.exist?(x)
-        FileUtils.rm_f(x)
-      end
-    end
-    csr = { "CN": "front-proxy-ca", "key": {"algo": "rsa", "size": key_size }}
+    CleanUp.all(['front-proxy-ca-conf.json', 'front-proxy-ca-csr.json', 'front-proxy-ca-key.pem', 'front-proxy-ca-key.pem'])
+    csr = { "CN": "front-proxy-ca", "key": {"algo": @opts[:ca_algo], "size": @opts[:key_size] }}
     conf = { "signing": { "default": { "expiry": "87600h" }}}
     File.open("front-proxy-ca-csr.json", "w+") { |file| file.write(csr.to_json) }
     File.open("front-proxy-ca-conf.json", "w+") { |file| file.write(conf.to_json) }
@@ -129,9 +118,9 @@ def CreateCerts.kube_front_proxy_ca(key_size)
     File.open("kubernetes.yaml", "a") { |file| file.write(data.to_yaml) }
   end
 
-  def CreateCerts.sa(key_size)
-    puts "Creating service account certs"
-    key = OpenSSL::PKey::RSA.new key_size
+  def sa
+    puts "Creating service account certs (key size: #{@opts[:sa_size]})"
+    key = OpenSSL::PKey::RSA.new @opts[:sa_size]
     open 'sa-key.pem', 'w' do |io|
       io.write key.to_pem
     end
@@ -145,6 +134,4 @@ def CreateCerts.sa(key_size)
     data['kubernetes::sa_key'] = key
     File.open("kubernetes.yaml", "a") { |file| file.write(data.to_yaml) }
   end 
-
-
 end