ryan/lunarfront-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ec3b4d2479532f00439111470f98069d76d3cb4
lunarfront-manager/src/lib/k8s.ts
Ryan Moon 8ec3b4d247
Some checks failed
Build & Release / build (push) Has been cancelled
Details
feat: add pgbouncer check to overview, auto-sync ArgoCD after upgrade
2026-04-03 22:00:11 -05:00

136 lines
4.8 KiB
TypeScript
Raw Blame History

import { readFileSync } from "fs";
// Read in-cluster service account token and CA
const SA_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token";
const K8S_API = process.env.KUBERNETES_SERVICE_HOST
? `https://${process.env.KUBERNETES_SERVICE_HOST}:${process.env.KUBERNETES_SERVICE_PORT}`
: "https://kubernetes.default.svc";
function token() {
return readFileSync(SA_TOKEN_PATH, "utf-8").trim();
}
export async function k8sFetch(path: string, options: RequestInit = {}, allowStatuses: number[] = []) {
const res = await fetch(`${K8S_API}${path}`, {
...options,
headers: {
Authorization: `Bearer ${token()}`,
"Content-Type": "application/json",
...(options.headers ?? {}),
},
// @ts-ignore - bun supports this
tls: { rejectUnauthorized: false },
});
if (!res.ok && !allowStatuses.includes(res.status)) {
const body = await res.text();
throw new Error(`k8s API ${options.method ?? "GET"} ${path}${res.status}: ${body}`);
}
return res;
}
export async function getSecret(namespace: string, name: string): Promise<Record<string, string>> {
const res = await k8sFetch(`/api/v1/namespaces/${namespace}/secrets/${name}`);
const secret = await res.json() as { data: Record<string, string> };
return Object.fromEntries(
Object.entries(secret.data).map(([k, v]) => [k, Buffer.from(v, "base64").toString()])
);
}
export async function patchSecret(namespace: string, name: string, data: Record<string, string>) {
const encoded = Object.fromEntries(
Object.entries(data).map(([k, v]) => [k, Buffer.from(v).toString("base64")])
);
return (await k8sFetch(`/api/v1/namespaces/${namespace}/secrets/${name}`, {
method: "PATCH",
headers: { "Content-Type": "application/strategic-merge-patch+json" },
body: JSON.stringify({ data: encoded }),
})).json();
}
export async function createSecret(namespace: string, name: string, data: Record<string, string>) {
const encoded = Object.fromEntries(
Object.entries(data).map(([k, v]) => [k, Buffer.from(v).toString("base64")])
);
await k8sFetch(`/api/v1/namespaces/${namespace}/secrets`, {
method: "POST",
body: JSON.stringify({
apiVersion: "v1",
kind: "Secret",
metadata: { name, namespace },
data: encoded,
}),
}, [409]); // 409 = already exists, ignore
}
export async function createDockerRegistrySecret(
namespace: string,
name: string,
opts: { server: string; username: string; password: string },
) {
const auth = Buffer.from(`${opts.username}:${opts.password}`).toString("base64");
const dockerConfig = JSON.stringify({
auths: { [opts.server]: { username: opts.username, password: opts.password, auth } },
});
const encoded = Buffer.from(dockerConfig).toString("base64");
await k8sFetch(`/api/v1/namespaces/${namespace}/secrets`, {
method: "POST",
body: JSON.stringify({
apiVersion: "v1",
kind: "Secret",
metadata: { name, namespace },
type: "kubernetes.io/dockerconfigjson",
data: { ".dockerconfigjson": encoded },
}),
}, [409]);
}
export async function createNamespace(name: string) {
await k8sFetch(`/api/v1/namespaces`, {
method: "POST",
body: JSON.stringify({
apiVersion: "v1",
kind: "Namespace",
metadata: { name },
}),
}, [409]); // 409 = already exists, ignore
}
export async function deleteNamespace(name: string) {
await k8sFetch(`/api/v1/namespaces/${name}`, { method: "DELETE" }, [404]);
}
export async function patchConfigMap(namespace: string, name: string, data: Record<string, string>) {
return (await k8sFetch(`/api/v1/namespaces/${namespace}/configmaps/${name}`, {
method: "PATCH",
headers: { "Content-Type": "application/strategic-merge-patch+json" },
body: JSON.stringify({ data }),
})).json();
}
export async function getConfigMap(namespace: string, name: string): Promise<Record<string, string>> {
const res = await k8sFetch(`/api/v1/namespaces/${namespace}/configmaps/${name}`);
const cm = await res.json() as { data?: Record<string, string> };
return cm.data ?? {};
}
export async function syncArgoApp(name: string) {
await k8sFetch(`/apis/argoproj.io/v1alpha1/namespaces/argocd/applications/${name}`, {
method: "PATCH",
headers: { "Content-Type": "application/merge-patch+json" },
body: JSON.stringify({
metadata: { annotations: { "argocd.argoproj.io/refresh": "hard" } },
operation: { sync: { prune: true } },
}),
}, [404]);
}
export async function rolloutRestart(namespace: string, deployment: string) {
return (await k8sFetch(`/apis/apps/v1/namespaces/${namespace}/deployments/${deployment}`, {
method: "PATCH",
headers: { "Content-Type": "application/strategic-merge-patch+json" },
body: JSON.stringify({
spec: { template: { metadata: { annotations: { "kubectl.kubernetes.io/restartedAt": new Date().toISOString() } } } },
}),
})).json();
}
Reference in New Issue View Git Blame Copy Permalink