Skip to content

Commit

Permalink
🔨 Add scripts to easily port-forward non k8s services
Browse files Browse the repository at this point in the history
  • Loading branch information
@georgepstaylor
georgepstaylor committed Sep 3, 2024
1 parent 5543837 commit 43428f3
Show file tree
Hide file tree
Showing 6 changed files with 390 additions and 0 deletions.
74 changes: 74 additions & 0 deletions tools/scripts/amq-connect.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# AMQ Connect Script

This script provides a way to connect to the Amazon MQ (ActiveMQ) console within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments.

## Usage

```sh
./amq-connect.sh <env> [local_port]
```

- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`).
- `local_port`: Optional. The local port for port forwarding. If not provided, the remote port will be used.

## Features

- Automatically determines the appropriate namespace based on the environment provided.
- Retrieves the AMQ console URL from Kubernetes secrets.
- Sets up port forwarding to allow local access to the AMQ console.

## Environment Mapping

The environment (`<env>`) parameter maps to Kubernetes namespaces as follows:

- `poc` -> `hmpps-delius-alfrsco-poc`
- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>`

## Prerequisites

- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster.
- Ensure the `jq` utility is installed for JSON parsing.
- Ensure OpenSSL is installed for generating random hex strings.
- Ensure the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` is available and accessible.

## Steps Performed by the Script

1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`).
2. Retrieve the ActiveMQ console URL from the Kubernetes secret `amazon-mq-broker-secret`.
3. Extract the necessary details (protocol, host, and ports) from the URL.
4. Generate a random hex string for unique identification.
5. Create a pod for port forwarding using the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest`.
6. Wait for the pod to become ready.
7. Start port forwarding from the remote MQ console to the local machine.

## Signals and Error Handling

- The script traps signals for interruption (Ctrl+C) and errors, ensuring proper cleanup of the port-forwarding pod.
- If the script fails at any step or is interrupted, it will delete the port-forward pod and exit gracefully.

## Example

```sh
./amq-connect.sh dev 8080
```

This example connects to the `dev` environment and sets up port forwarding from the remote MQ console to local port `8080`.

## Important Notes

- The script assumes that the Kubernetes secret `amazon-mq-broker-secret` exists in the target namespace and contains the key `BROKER_CONSOLE_URL`.
- Pressing Ctrl+C will terminate the port-forwarding session and clean up the pod created for this purpose.

## Cleanup

The script automatically deletes the created port-forward pod upon script termination or failure. Manual cleanup should not be necessary.

## Troubleshooting

- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace.
- Ensure you have the necessary permissions to create and delete pods and retrieve secrets within the namespace.
- Verify the `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` image is accessible and that your Kubernetes cluster can pull it.

---

This script is useful for developers and engineers who need to access the ActiveMQ console in HMPPS Delius Alfresco environments securely and conveniently.
62 changes: 62 additions & 0 deletions tools/scripts/amq-connect.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
#!/usr/bin/env bash

# trap ctrl-c and call ctrl_c()
trap ctrl_c INT
# trap fail and call fail()
trap fail ERR

main() {
env=$1
if [ "$env" == "poc" ]; then
namespace="hmpps-delius-alfrsco-${env}"
else
namespace="hmpps-delius-alfresco-${env}"
fi
echo "Connecting to AMQ Console in namespace $namespace"

# get amq connection url
URL=$(kubectl get secrets amazon-mq-broker-secret --namespace ${namespace} -o json | jq -r ".data.BROKER_CONSOLE_URL | @base64d")
# extract host and port
HOST=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 1)
# extract protocol
PROTOCOL=$(echo $URL | awk -F'://' '{print $1}')
# extract remote port
REMOTE_PORT=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 2)
# if custom local port not provided, use remote port
if [ -z "$2" ]; then
LOCAL_PORT=$REMOTE_PORT
else
LOCAL_PORT=$2
fi
# generate random hex string
RANDOM_HEX=$(openssl rand -hex 4)
# start port forwarding
kubectl run port-forward-pod-${RANDOM_HEX} --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT} --env="REMOTE_HOST=$HOST" --env="LOCAL_PORT=$LOCAL_PORT" --env="REMOTE_PORT=$REMOTE_PORT" --namespace ${namespace};
# wait for pod to start
kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX} --timeout=30s --namespace ${namespace}
printf "\nPort forwarding started, connecting to $HOST:$REMOTE_PORT \n"
printf "\n****************************************************\n"
printf "Connect to ${PROTOCOL}://localhost:$LOCAL_PORT locally\n"
printf "Press Ctrl+C to stop port forwarding \n"
printf "****************************************************\n\n"
# start the local port forwarding session
kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX} $LOCAL_PORT:$LOCAL_PORT;
}

fail() {
printf "\n\nPort forwarding failed"
kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace}
exit 1
}
ctrl_c() {
printf "\n\nStopping port forwarding"
kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace}
exit 0
}

if [ -z "$1" ]; then
echo "env not provided"
echo "Usage: amq-connect.sh <env>"
exit 1
fi
main $1 $2
66 changes: 66 additions & 0 deletions tools/scripts/opensearch-connect.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# Opensearch Connect Script

This script provides a convenient way to connect to the Opensearch service within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments.

## Usage

```sh
./opensearch-connect.sh <env> [local_port]
```

- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`).
- `local_port`: Optional. The local port for port forwarding (defaults to `8080` if not specified).

## Features

- Automatically determines the appropriate namespace based on the environment provided.
- Identifies the pod running the Opensearch proxy within the namespace.
- Sets up port forwarding to allow local access to the Opensearch service.

## Environment Mapping

The environment (`<env>`) parameter maps to Kubernetes namespaces as follows:

- `poc` -> `hmpps-delius-alfrsco-poc`
- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>`

## Prerequisites

- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster.

## Steps Performed by the Script

1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`).
2. Identify the Opensearch proxy pod running in the target namespace.
3. Set up port forwarding from the specified or default local port (`8080`) to the Opensearch service.

## Signals and Error Handling

- The script traps signals for interruption (Ctrl+C) and errors, ensuring graceful exit.
- If the script fails at any step or is interrupted, it will terminate the port-forwarding session and exit gracefully.

## Example

```sh
./opensearch-connect.sh dev 9090
```

This example connects to the `dev` environment and sets up port forwarding from the remote Opensearch service to local port `9090`.

## Important Notes

- The script assumes that the target namespace contains a pod with the name containing `opensearch-proxy-cloud-platform`.
- Pressing Ctrl+C will terminate the port-forwarding session.

## Cleanup

The script does not create any resources that require manual cleanup. The local port forwarding session will terminate upon script exit.

## Troubleshooting

- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace.
- Ensure you have the necessary permissions to retrieve pods within the namespace.

---

This script is useful for developers and engineers who need to access the Opensearch service in HMPPS Delius Alfresco environments securely and conveniently.
48 changes: 48 additions & 0 deletions tools/scripts/opensearch-connect.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
#!/usr/bin/env bash

# trap ctrl-c and call ctrl_c()
trap ctrl_c INT
# trap fail and call fail()
trap fail ERR

main() {
env=$1

if [ "$env" == "poc" ]; then
namespace="hmpps-delius-alfrsco-${env}"
else
namespace="hmpps-delius-alfresco-${env}"
fi
echo "Connecting to Opensearch in namespace $namespace"

if [ -z "$2" ]; then
PORT=8080
else
PORT=$2
fi

# get opensearch proxy pod name
OPENSEARCH_PROXY_POD=$(kubectl get pods | grep 'opensearch-proxy-cloud-platform' | awk '{print $1}')
printf "\n****************************************************\n"
printf "Connect to http://localhost:$PORT locally\n"
printf "Press Ctrl+C to stop port forwarding \n"
printf "****************************************************\n\n"
# start the local port forwarding session
kubectl port-forward $OPENSEARCH_PROXY_POD $PORT:8080 --namespace ${namespace}
}

fail() {
printf "\n\nPort forwarding failed"
exit 1
}
ctrl_c() {
printf "\n\nStopping port forwarding"
exit 0
}

if [ -z "$1" ]; then
echo "env not provided"
echo "Usage: opensearch-connect.sh <env>"
exit 1
fi
main $1 $2
74 changes: 74 additions & 0 deletions tools/scripts/rds-connect.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# RDS Connect Script

This script provides a convenient way to connect to an RDS (Relational Database Service) instance within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments.

## Usage

```sh
./rds-connect.sh <env> [local_port]
```

- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`).
- `local_port`: Optional. The local port for port forwarding (defaults to the remote port if not specified).

## Features

- Automatically determines the appropriate namespace based on the environment provided.
- Retrieves the RDS JDBC URL from Kubernetes secrets.
- Sets up port forwarding to allow local access to the RDS instance.

## Environment Mapping

The environment (`<env>`) parameter maps to Kubernetes namespaces as follows:

- `poc` -> `hmpps-delius-alfrsco-poc`
- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>`

## Prerequisites

- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster.
- Ensure the `jq` utility is installed for JSON parsing.
- Ensure OpenSSL is installed for generating random hex strings.
- Ensure the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` is available and accessible.

## Steps Performed by the Script

1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`).
2. Retrieve the RDS JDBC URL from the Kubernetes secret `rds-instance-output`.
3. Extract the necessary details (protocol, host, ports, and database name) from the URL.
4. Generate a random hex string for unique identification.
5. Create a pod for port forwarding using the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest`.
6. Wait for the pod to become ready.
7. Start port forwarding from the remote RDS instance to the local machine.

## Signals and Error Handling

- The script traps signals for interruption (Ctrl+C) and errors, ensuring proper cleanup of the port-forwarding pod.
- If the script fails at any step or is interrupted, it will delete the port-forward pod and exit gracefully.

## Example

```sh
./rds-connect.sh dev 5432
```

This example connects to the `dev` environment and sets up port forwarding from the remote RDS instance to local port `5432`.

## Important Notes

- The script assumes that the Kubernetes secret `rds-instance-output` exists in the target namespace and contains the key `RDS_JDBC_URL`.
- Pressing Ctrl+C will terminate the port-forwarding session and clean up the pod created for this purpose.

## Cleanup

The script automatically deletes the created port-forward pod upon script termination or failure. Manual cleanup should not be necessary.

## Troubleshooting

- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace.
- Ensure you have the necessary permissions to create and delete pods and retrieve secrets within the namespace.
- Verify the `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` image is accessible and that your Kubernetes cluster can pull it.

---

This script is useful for developers and engineers who need to access the RDS instance in HMPPS Delius Alfresco environments securely and conveniently.
66 changes: 66 additions & 0 deletions tools/scripts/rds-connect.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
#!/usr/bin/env bash

# trap ctrl-c and call ctrl_c()
trap ctrl_c INT
# trap fail and call fail()
trap fail ERR

main() {
env=$1

if [ "$env" == "poc" ]; then
namespace="hmpps-delius-alfrsco-${env}"
else
namespace="hmpps-delius-alfresco-${env}"
fi
echo "Connecting to RDS in namespace $namespace"

# get RDS connection url
URL=$(kubectl get secrets rds-instance-output --namespace ${namespace} -o json | jq -r ".data.RDS_JDBC_URL | @base64d")
# extract host and port
HOST=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 1)
# extract database name
DATABASE_NAME=$(echo "$URL" | awk -F'/' '{print $NF}')
# extract protocol/jdbc
PROTOCOL=$(echo $URL | awk -F'://' '{print $1}')
# extract remote port
REMOTE_PORT=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 2)
# if custom local port not provided, use remote port
if [ -z "$2" ]; then
LOCAL_PORT=$REMOTE_PORT
else
LOCAL_PORT=$2
fi
# generate random hex string
RANDOM_HEX=$(openssl rand -hex 4)
# start port forwarding
kubectl run port-forward-pod-${RANDOM_HEX} --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT} --env="REMOTE_HOST=$HOST" --env="LOCAL_PORT=$LOCAL_PORT" --env="REMOTE_PORT=$REMOTE_PORT" --namespace ${namespace};
# wait for pod to start
kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX} --timeout=30s --namespace ${namespace}
printf "\nPort forwarding started, connecting to $HOST:$REMOTE_PORT \n"
printf "\n****************************************************\n"
printf "Connect to ${PROTOCOL}://localhost:$LOCAL_PORT/$DATABASE_NAME locally\n"
printf "Press Ctrl+C to stop port forwarding \n"
printf "****************************************************\n\n"
# start the local port forwarding session
kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX} $LOCAL_PORT:$LOCAL_PORT;
}

fail() {
printf "\n\nPort forwarding failed"
kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace}
exit 1
}

ctrl_c() {
printf "\n\nStopping port forwarding"
kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace}
exit 0
}

if [ -z "$1" ]; then
echo "env not provided"
echo "Usage: rds-connect.sh <env>"
exit 1
fi
main $1 $2

0 comments on commit 43428f3

Please sign in to comment.