From 43428f342d1840edec420c47590e4e2efabf565e Mon Sep 17 00:00:00 2001 From: George Taylor Date: Mon, 2 Sep 2024 18:44:26 +0100 Subject: [PATCH] :hammer: Add scripts to easily port-forward non k8s services --- tools/scripts/amq-connect.md | 74 +++++++++++++++++++++++++++++ tools/scripts/amq-connect.sh | 62 ++++++++++++++++++++++++ tools/scripts/opensearch-connect.md | 66 +++++++++++++++++++++++++ tools/scripts/opensearch-connect.sh | 48 +++++++++++++++++++ tools/scripts/rds-connect.md | 74 +++++++++++++++++++++++++++++ tools/scripts/rds-connect.sh | 66 +++++++++++++++++++++++++ 6 files changed, 390 insertions(+) create mode 100644 tools/scripts/amq-connect.md create mode 100755 tools/scripts/amq-connect.sh create mode 100644 tools/scripts/opensearch-connect.md create mode 100755 tools/scripts/opensearch-connect.sh create mode 100644 tools/scripts/rds-connect.md create mode 100755 tools/scripts/rds-connect.sh diff --git a/tools/scripts/amq-connect.md b/tools/scripts/amq-connect.md new file mode 100644 index 0000000..fad86be --- /dev/null +++ b/tools/scripts/amq-connect.md @@ -0,0 +1,74 @@ +# AMQ Connect Script + +This script provides a way to connect to the Amazon MQ (ActiveMQ) console within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments. + +## Usage + +```sh +./amq-connect.sh [local_port] +``` + +- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`). +- `local_port`: Optional. The local port for port forwarding. If not provided, the remote port will be used. + +## Features + +- Automatically determines the appropriate namespace based on the environment provided. +- Retrieves the AMQ console URL from Kubernetes secrets. +- Sets up port forwarding to allow local access to the AMQ console. + +## Environment Mapping + +The environment (``) parameter maps to Kubernetes namespaces as follows: + +- `poc` -> `hmpps-delius-alfrsco-poc` +- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-` + +## Prerequisites + +- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster. +- Ensure the `jq` utility is installed for JSON parsing. +- Ensure OpenSSL is installed for generating random hex strings. +- Ensure the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` is available and accessible. + +## Steps Performed by the Script + +1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`). +2. Retrieve the ActiveMQ console URL from the Kubernetes secret `amazon-mq-broker-secret`. +3. Extract the necessary details (protocol, host, and ports) from the URL. +4. Generate a random hex string for unique identification. +5. Create a pod for port forwarding using the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest`. +6. Wait for the pod to become ready. +7. Start port forwarding from the remote MQ console to the local machine. + +## Signals and Error Handling + +- The script traps signals for interruption (Ctrl+C) and errors, ensuring proper cleanup of the port-forwarding pod. +- If the script fails at any step or is interrupted, it will delete the port-forward pod and exit gracefully. + +## Example + +```sh +./amq-connect.sh dev 8080 +``` + +This example connects to the `dev` environment and sets up port forwarding from the remote MQ console to local port `8080`. + +## Important Notes + +- The script assumes that the Kubernetes secret `amazon-mq-broker-secret` exists in the target namespace and contains the key `BROKER_CONSOLE_URL`. +- Pressing Ctrl+C will terminate the port-forwarding session and clean up the pod created for this purpose. + +## Cleanup + +The script automatically deletes the created port-forward pod upon script termination or failure. Manual cleanup should not be necessary. + +## Troubleshooting + +- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace. +- Ensure you have the necessary permissions to create and delete pods and retrieve secrets within the namespace. +- Verify the `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` image is accessible and that your Kubernetes cluster can pull it. + +--- + +This script is useful for developers and engineers who need to access the ActiveMQ console in HMPPS Delius Alfresco environments securely and conveniently. \ No newline at end of file diff --git a/tools/scripts/amq-connect.sh b/tools/scripts/amq-connect.sh new file mode 100755 index 0000000..ce398b8 --- /dev/null +++ b/tools/scripts/amq-connect.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env bash + +# trap ctrl-c and call ctrl_c() +trap ctrl_c INT +# trap fail and call fail() +trap fail ERR + +main() { + env=$1 + if [ "$env" == "poc" ]; then + namespace="hmpps-delius-alfrsco-${env}" + else + namespace="hmpps-delius-alfresco-${env}" + fi + echo "Connecting to AMQ Console in namespace $namespace" + + # get amq connection url + URL=$(kubectl get secrets amazon-mq-broker-secret --namespace ${namespace} -o json | jq -r ".data.BROKER_CONSOLE_URL | @base64d") + # extract host and port + HOST=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 1) + # extract protocol + PROTOCOL=$(echo $URL | awk -F'://' '{print $1}') + # extract remote port + REMOTE_PORT=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 2) + # if custom local port not provided, use remote port + if [ -z "$2" ]; then + LOCAL_PORT=$REMOTE_PORT + else + LOCAL_PORT=$2 + fi + # generate random hex string + RANDOM_HEX=$(openssl rand -hex 4) + # start port forwarding + kubectl run port-forward-pod-${RANDOM_HEX} --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT} --env="REMOTE_HOST=$HOST" --env="LOCAL_PORT=$LOCAL_PORT" --env="REMOTE_PORT=$REMOTE_PORT" --namespace ${namespace}; + # wait for pod to start + kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX} --timeout=30s --namespace ${namespace} + printf "\nPort forwarding started, connecting to $HOST:$REMOTE_PORT \n" + printf "\n****************************************************\n" + printf "Connect to ${PROTOCOL}://localhost:$LOCAL_PORT locally\n" + printf "Press Ctrl+C to stop port forwarding \n" + printf "****************************************************\n\n" + # start the local port forwarding session + kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX} $LOCAL_PORT:$LOCAL_PORT; +} + +fail() { + printf "\n\nPort forwarding failed" + kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace} + exit 1 +} +ctrl_c() { + printf "\n\nStopping port forwarding" + kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace} + exit 0 +} + +if [ -z "$1" ]; then + echo "env not provided" + echo "Usage: amq-connect.sh " + exit 1 +fi +main $1 $2 diff --git a/tools/scripts/opensearch-connect.md b/tools/scripts/opensearch-connect.md new file mode 100644 index 0000000..a4a7b4d --- /dev/null +++ b/tools/scripts/opensearch-connect.md @@ -0,0 +1,66 @@ +# Opensearch Connect Script + +This script provides a convenient way to connect to the Opensearch service within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments. + +## Usage + +```sh +./opensearch-connect.sh [local_port] +``` + +- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`). +- `local_port`: Optional. The local port for port forwarding (defaults to `8080` if not specified). + +## Features + +- Automatically determines the appropriate namespace based on the environment provided. +- Identifies the pod running the Opensearch proxy within the namespace. +- Sets up port forwarding to allow local access to the Opensearch service. + +## Environment Mapping + +The environment (``) parameter maps to Kubernetes namespaces as follows: + +- `poc` -> `hmpps-delius-alfrsco-poc` +- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-` + +## Prerequisites + +- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster. + +## Steps Performed by the Script + +1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`). +2. Identify the Opensearch proxy pod running in the target namespace. +3. Set up port forwarding from the specified or default local port (`8080`) to the Opensearch service. + +## Signals and Error Handling + +- The script traps signals for interruption (Ctrl+C) and errors, ensuring graceful exit. +- If the script fails at any step or is interrupted, it will terminate the port-forwarding session and exit gracefully. + +## Example + +```sh +./opensearch-connect.sh dev 9090 +``` + +This example connects to the `dev` environment and sets up port forwarding from the remote Opensearch service to local port `9090`. + +## Important Notes + +- The script assumes that the target namespace contains a pod with the name containing `opensearch-proxy-cloud-platform`. +- Pressing Ctrl+C will terminate the port-forwarding session. + +## Cleanup + +The script does not create any resources that require manual cleanup. The local port forwarding session will terminate upon script exit. + +## Troubleshooting + +- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace. +- Ensure you have the necessary permissions to retrieve pods within the namespace. + +--- + +This script is useful for developers and engineers who need to access the Opensearch service in HMPPS Delius Alfresco environments securely and conveniently. \ No newline at end of file diff --git a/tools/scripts/opensearch-connect.sh b/tools/scripts/opensearch-connect.sh new file mode 100755 index 0000000..d27dee0 --- /dev/null +++ b/tools/scripts/opensearch-connect.sh @@ -0,0 +1,48 @@ +#!/usr/bin/env bash + +# trap ctrl-c and call ctrl_c() +trap ctrl_c INT +# trap fail and call fail() +trap fail ERR + +main() { + env=$1 + + if [ "$env" == "poc" ]; then + namespace="hmpps-delius-alfrsco-${env}" + else + namespace="hmpps-delius-alfresco-${env}" + fi + echo "Connecting to Opensearch in namespace $namespace" + + if [ -z "$2" ]; then + PORT=8080 + else + PORT=$2 + fi + + # get opensearch proxy pod name + OPENSEARCH_PROXY_POD=$(kubectl get pods | grep 'opensearch-proxy-cloud-platform' | awk '{print $1}') + printf "\n****************************************************\n" + printf "Connect to http://localhost:$PORT locally\n" + printf "Press Ctrl+C to stop port forwarding \n" + printf "****************************************************\n\n" + # start the local port forwarding session + kubectl port-forward $OPENSEARCH_PROXY_POD $PORT:8080 --namespace ${namespace} +} + +fail() { + printf "\n\nPort forwarding failed" + exit 1 +} +ctrl_c() { + printf "\n\nStopping port forwarding" + exit 0 +} + +if [ -z "$1" ]; then + echo "env not provided" + echo "Usage: opensearch-connect.sh " + exit 1 +fi +main $1 $2 diff --git a/tools/scripts/rds-connect.md b/tools/scripts/rds-connect.md new file mode 100644 index 0000000..1adcfef --- /dev/null +++ b/tools/scripts/rds-connect.md @@ -0,0 +1,74 @@ +# RDS Connect Script + +This script provides a convenient way to connect to an RDS (Relational Database Service) instance within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments. + +## Usage + +```sh +./rds-connect.sh [local_port] +``` + +- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`). +- `local_port`: Optional. The local port for port forwarding (defaults to the remote port if not specified). + +## Features + +- Automatically determines the appropriate namespace based on the environment provided. +- Retrieves the RDS JDBC URL from Kubernetes secrets. +- Sets up port forwarding to allow local access to the RDS instance. + +## Environment Mapping + +The environment (``) parameter maps to Kubernetes namespaces as follows: + +- `poc` -> `hmpps-delius-alfrsco-poc` +- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-` + +## Prerequisites + +- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster. +- Ensure the `jq` utility is installed for JSON parsing. +- Ensure OpenSSL is installed for generating random hex strings. +- Ensure the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` is available and accessible. + +## Steps Performed by the Script + +1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`). +2. Retrieve the RDS JDBC URL from the Kubernetes secret `rds-instance-output`. +3. Extract the necessary details (protocol, host, ports, and database name) from the URL. +4. Generate a random hex string for unique identification. +5. Create a pod for port forwarding using the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest`. +6. Wait for the pod to become ready. +7. Start port forwarding from the remote RDS instance to the local machine. + +## Signals and Error Handling + +- The script traps signals for interruption (Ctrl+C) and errors, ensuring proper cleanup of the port-forwarding pod. +- If the script fails at any step or is interrupted, it will delete the port-forward pod and exit gracefully. + +## Example + +```sh +./rds-connect.sh dev 5432 +``` + +This example connects to the `dev` environment and sets up port forwarding from the remote RDS instance to local port `5432`. + +## Important Notes + +- The script assumes that the Kubernetes secret `rds-instance-output` exists in the target namespace and contains the key `RDS_JDBC_URL`. +- Pressing Ctrl+C will terminate the port-forwarding session and clean up the pod created for this purpose. + +## Cleanup + +The script automatically deletes the created port-forward pod upon script termination or failure. Manual cleanup should not be necessary. + +## Troubleshooting + +- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace. +- Ensure you have the necessary permissions to create and delete pods and retrieve secrets within the namespace. +- Verify the `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` image is accessible and that your Kubernetes cluster can pull it. + +--- + +This script is useful for developers and engineers who need to access the RDS instance in HMPPS Delius Alfresco environments securely and conveniently. diff --git a/tools/scripts/rds-connect.sh b/tools/scripts/rds-connect.sh new file mode 100755 index 0000000..0c1f163 --- /dev/null +++ b/tools/scripts/rds-connect.sh @@ -0,0 +1,66 @@ +#!/usr/bin/env bash + +# trap ctrl-c and call ctrl_c() +trap ctrl_c INT +# trap fail and call fail() +trap fail ERR + +main() { + env=$1 + + if [ "$env" == "poc" ]; then + namespace="hmpps-delius-alfrsco-${env}" + else + namespace="hmpps-delius-alfresco-${env}" + fi + echo "Connecting to RDS in namespace $namespace" + + # get RDS connection url + URL=$(kubectl get secrets rds-instance-output --namespace ${namespace} -o json | jq -r ".data.RDS_JDBC_URL | @base64d") + # extract host and port + HOST=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 1) + # extract database name + DATABASE_NAME=$(echo "$URL" | awk -F'/' '{print $NF}') + # extract protocol/jdbc + PROTOCOL=$(echo $URL | awk -F'://' '{print $1}') + # extract remote port + REMOTE_PORT=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 2) + # if custom local port not provided, use remote port + if [ -z "$2" ]; then + LOCAL_PORT=$REMOTE_PORT + else + LOCAL_PORT=$2 + fi + # generate random hex string + RANDOM_HEX=$(openssl rand -hex 4) + # start port forwarding + kubectl run port-forward-pod-${RANDOM_HEX} --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT} --env="REMOTE_HOST=$HOST" --env="LOCAL_PORT=$LOCAL_PORT" --env="REMOTE_PORT=$REMOTE_PORT" --namespace ${namespace}; + # wait for pod to start + kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX} --timeout=30s --namespace ${namespace} + printf "\nPort forwarding started, connecting to $HOST:$REMOTE_PORT \n" + printf "\n****************************************************\n" + printf "Connect to ${PROTOCOL}://localhost:$LOCAL_PORT/$DATABASE_NAME locally\n" + printf "Press Ctrl+C to stop port forwarding \n" + printf "****************************************************\n\n" + # start the local port forwarding session + kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX} $LOCAL_PORT:$LOCAL_PORT; +} + +fail() { + printf "\n\nPort forwarding failed" + kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace} + exit 1 +} + +ctrl_c() { + printf "\n\nStopping port forwarding" + kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace} + exit 0 +} + +if [ -z "$1" ]; then + echo "env not provided" + echo "Usage: rds-connect.sh " + exit 1 +fi +main $1 $2