🔨 Add scripts to easily port-forward non k8s services

tools/scripts/amq-connect.md

@@ -0,0 +1,74 @@
+# AMQ Connect Script
+
+This script provides a way to connect to the Amazon MQ (ActiveMQ) console within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments.
+
+## Usage
+
+```sh
+./amq-connect.sh <env> [local_port]
+```
+
+- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`).
+- `local_port`: Optional. The local port for port forwarding. If not provided, the remote port will be used.
+
+## Features
+
+- Automatically determines the appropriate namespace based on the environment provided.
+- Retrieves the AMQ console URL from Kubernetes secrets.
+- Sets up port forwarding to allow local access to the AMQ console.
+
+## Environment Mapping
+
+The environment (`<env>`) parameter maps to Kubernetes namespaces as follows:
+
+- `poc` -> `hmpps-delius-alfrsco-poc`
+- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>`
+
+## Prerequisites
+
+- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster.
+- Ensure the `jq` utility is installed for JSON parsing.
+- Ensure OpenSSL is installed for generating random hex strings.
+- Ensure the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` is available and accessible.
+
+## Steps Performed by the Script
+
+1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`).
+2. Retrieve the ActiveMQ console URL from the Kubernetes secret `amazon-mq-broker-secret`.
+3. Extract the necessary details (protocol, host, and ports) from the URL.
+4. Generate a random hex string for unique identification.
+5. Create a pod for port forwarding using the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest`.
+6. Wait for the pod to become ready.
+7. Start port forwarding from the remote MQ console to the local machine.
+
+## Signals and Error Handling
+
+- The script traps signals for interruption (Ctrl+C) and errors, ensuring proper cleanup of the port-forwarding pod.
+- If the script fails at any step or is interrupted, it will delete the port-forward pod and exit gracefully.
+
+## Example
+
+```sh
+./amq-connect.sh dev 8080
+```
+
+This example connects to the `dev` environment and sets up port forwarding from the remote MQ console to local port `8080`.
+
+## Important Notes
+
+- The script assumes that the Kubernetes secret `amazon-mq-broker-secret` exists in the target namespace and contains the key `BROKER_CONSOLE_URL`.
+- Pressing Ctrl+C will terminate the port-forwarding session and clean up the pod created for this purpose.
+
+## Cleanup
+
+The script automatically deletes the created port-forward pod upon script termination or failure. Manual cleanup should not be necessary.
+
+## Troubleshooting
+
+- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace.
+- Ensure you have the necessary permissions to create and delete pods and retrieve secrets within the namespace.
+- Verify the `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` image is accessible and that your Kubernetes cluster can pull it.
+
+---
+
+This script is useful for developers and engineers who need to access the ActiveMQ console in HMPPS Delius Alfresco environments securely and conveniently.

tools/scripts/amq-connect.sh

@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+# trap ctrl-c and call ctrl_c()
+trap ctrl_c INT
+# trap fail and call fail()
+trap fail ERR
+
+main() {        
+    env=$1
+    if [ "$env" == "poc" ]; then
+        namespace="hmpps-delius-alfrsco-${env}"
+    else 
+        namespace="hmpps-delius-alfresco-${env}"
+    fi
+    echo "Connecting to AMQ Console in namespace $namespace"
+
+    # get amq connection url
+    URL=$(kubectl get secrets amazon-mq-broker-secret --namespace ${namespace} -o json | jq -r ".data.BROKER_CONSOLE_URL | @base64d")
+    # extract host and port
+    HOST=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 1)
+    # extract protocol
+    PROTOCOL=$(echo $URL | awk -F'://' '{print $1}')
+    # extract remote port
+    REMOTE_PORT=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 2)
+    # if custom local port not provided, use remote port
+    if [ -z "$2" ]; then
+        LOCAL_PORT=$REMOTE_PORT
+    else
+        LOCAL_PORT=$2
+    fi
+    # generate random hex string
+    RANDOM_HEX=$(openssl rand -hex 4)
+    # start port forwarding
+    kubectl run port-forward-pod-${RANDOM_HEX} --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT} --env="REMOTE_HOST=$HOST" --env="LOCAL_PORT=$LOCAL_PORT" --env="REMOTE_PORT=$REMOTE_PORT" --namespace ${namespace};
+    # wait for pod to start
+    kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX} --timeout=30s --namespace ${namespace}
+    printf "\nPort forwarding started, connecting to $HOST:$REMOTE_PORT \n"
+    printf "\n****************************************************\n"
+    printf "Connect to ${PROTOCOL}://localhost:$LOCAL_PORT locally\n"
+    printf "Press Ctrl+C to stop port forwarding \n"
+    printf "****************************************************\n\n"
+    # start the local port forwarding session
+    kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX} $LOCAL_PORT:$LOCAL_PORT;
+}
+
+fail() {
+    printf "\n\nPort forwarding failed"
+    kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0  --namespace ${namespace}
+    exit 1
+}
+ctrl_c() {
+    printf "\n\nStopping port forwarding"
+    kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0  --namespace ${namespace}
+    exit 0
+}
+
+if [ -z "$1" ]; then
+    echo "env not provided"
+    echo "Usage: amq-connect.sh <env>"
+    exit 1
+fi
+main $1 $2

tools/scripts/opensearch-connect.md

@@ -0,0 +1,66 @@
+# Opensearch Connect Script
+
+This script provides a convenient way to connect to the Opensearch service within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments.
+
+## Usage
+
+```sh
+./opensearch-connect.sh <env> [local_port]
+```
+
+- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`).
+- `local_port`: Optional. The local port for port forwarding (defaults to `8080` if not specified).
+
+## Features
+
+- Automatically determines the appropriate namespace based on the environment provided.
+- Identifies the pod running the Opensearch proxy within the namespace.
+- Sets up port forwarding to allow local access to the Opensearch service.
+
+## Environment Mapping
+
+The environment (`<env>`) parameter maps to Kubernetes namespaces as follows:
+
+- `poc` -> `hmpps-delius-alfrsco-poc`
+- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>`
+
+## Prerequisites
+
+- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster.
+
+## Steps Performed by the Script
+
+1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`).
+2. Identify the Opensearch proxy pod running in the target namespace.
+3. Set up port forwarding from the specified or default local port (`8080`) to the Opensearch service.
+
+## Signals and Error Handling
+
+- The script traps signals for interruption (Ctrl+C) and errors, ensuring graceful exit.
+- If the script fails at any step or is interrupted, it will terminate the port-forwarding session and exit gracefully.
+
+## Example
+
+```sh
+./opensearch-connect.sh dev 9090
+```
+
+This example connects to the `dev` environment and sets up port forwarding from the remote Opensearch service to local port `9090`.
+
+## Important Notes
+
+- The script assumes that the target namespace contains a pod with the name containing `opensearch-proxy-cloud-platform`.
+- Pressing Ctrl+C will terminate the port-forwarding session.
+
+## Cleanup
+
+The script does not create any resources that require manual cleanup. The local port forwarding session will terminate upon script exit.
+
+## Troubleshooting
+
+- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace.
+- Ensure you have the necessary permissions to retrieve pods within the namespace.
+
+---
+
+This script is useful for developers and engineers who need to access the Opensearch service in HMPPS Delius Alfresco environments securely and conveniently.

tools/scripts/opensearch-connect.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+# trap ctrl-c and call ctrl_c()
+trap ctrl_c INT
+# trap fail and call fail()
+trap fail ERR
+
+main() {        
+    env=$1
+
+    if [ "$env" == "poc" ]; then
+        namespace="hmpps-delius-alfrsco-${env}"
+    else 
+        namespace="hmpps-delius-alfresco-${env}"
+    fi
+    echo "Connecting to Opensearch in namespace $namespace"
+
+    if [ -z "$2" ]; then
+        PORT=8080
+    else
+        PORT=$2
+    fi
+
+    # get opensearch proxy pod name
+    OPENSEARCH_PROXY_POD=$(kubectl get pods | grep 'opensearch-proxy-cloud-platform' | awk '{print $1}')
+    printf "\n****************************************************\n"
+    printf "Connect to http://localhost:$PORT locally\n"
+    printf "Press Ctrl+C to stop port forwarding \n"
+    printf "****************************************************\n\n"
+    # start the local port forwarding session
+    kubectl port-forward $OPENSEARCH_PROXY_POD $PORT:8080 --namespace ${namespace}
+}
+
+fail() {
+    printf "\n\nPort forwarding failed"
+    exit 1
+}
+ctrl_c() {
+    printf "\n\nStopping port forwarding"
+    exit 0
+}
+
+if [ -z "$1" ]; then
+    echo "env not provided"
+    echo "Usage: opensearch-connect.sh <env>"
+    exit 1
+fi
+main $1 $2

tools/scripts/rds-connect.md

@@ -0,0 +1,74 @@
+# RDS Connect Script
+
+This script provides a convenient way to connect to an RDS (Relational Database Service) instance within a specified Kubernetes namespace by setting up port forwarding. The script targets HMPPS Delius Alfresco environments.
+
+## Usage
+
+```sh
+./rds-connect.sh <env> [local_port]
+```
+
+- `env`: Required. The environment you want to connect to (e.g., `dev`, `poc`, `prod`).
+- `local_port`: Optional. The local port for port forwarding (defaults to the remote port if not specified).
+
+## Features
+
+- Automatically determines the appropriate namespace based on the environment provided.
+- Retrieves the RDS JDBC URL from Kubernetes secrets.
+- Sets up port forwarding to allow local access to the RDS instance.
+
+## Environment Mapping
+
+The environment (`<env>`) parameter maps to Kubernetes namespaces as follows:
+
+- `poc` -> `hmpps-delius-alfrsco-poc`
+- Other environments (e.g., `dev`, `prod`) -> `hmpps-delius-alfresco-<env>`
+
+## Prerequisites
+
+- Ensure you have `kubectl` installed and configured to interact with the appropriate Kubernetes cluster.
+- Ensure the `jq` utility is installed for JSON parsing.
+- Ensure OpenSSL is installed for generating random hex strings.
+- Ensure the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` is available and accessible.
+
+## Steps Performed by the Script
+
+1. Validate the input and determine the Kubernetes namespace based on the provided environment (`env`).
+2. Retrieve the RDS JDBC URL from the Kubernetes secret `rds-instance-output`.
+3. Extract the necessary details (protocol, host, ports, and database name) from the URL.
+4. Generate a random hex string for unique identification.
+5. Create a pod for port forwarding using the Docker image `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest`.
+6. Wait for the pod to become ready.
+7. Start port forwarding from the remote RDS instance to the local machine.
+
+## Signals and Error Handling
+
+- The script traps signals for interruption (Ctrl+C) and errors, ensuring proper cleanup of the port-forwarding pod.
+- If the script fails at any step or is interrupted, it will delete the port-forward pod and exit gracefully.
+
+## Example
+
+```sh
+./rds-connect.sh dev 5432
+```
+
+This example connects to the `dev` environment and sets up port forwarding from the remote RDS instance to local port `5432`.
+
+## Important Notes
+
+- The script assumes that the Kubernetes secret `rds-instance-output` exists in the target namespace and contains the key `RDS_JDBC_URL`.
+- Pressing Ctrl+C will terminate the port-forwarding session and clean up the pod created for this purpose.
+
+## Cleanup
+
+The script automatically deletes the created port-forward pod upon script termination or failure. Manual cleanup should not be necessary.
+
+## Troubleshooting
+
+- Ensure your Kubernetes context is set correctly to the cluster containing the target namespace.
+- Ensure you have the necessary permissions to create and delete pods and retrieve secrets within the namespace.
+- Verify the `ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest` image is accessible and that your Kubernetes cluster can pull it.
+
+---
+
+This script is useful for developers and engineers who need to access the RDS instance in HMPPS Delius Alfresco environments securely and conveniently.

tools/scripts/rds-connect.sh

@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+# trap ctrl-c and call ctrl_c()
+trap ctrl_c INT
+# trap fail and call fail()
+trap fail ERR
+
+main() {
+    env=$1
+
+    if [ "$env" == "poc" ]; then
+        namespace="hmpps-delius-alfrsco-${env}"
+    else 
+        namespace="hmpps-delius-alfresco-${env}"
+    fi
+    echo "Connecting to RDS in namespace $namespace"
+
+    # get RDS connection url
+    URL=$(kubectl get secrets rds-instance-output --namespace ${namespace} -o json | jq -r ".data.RDS_JDBC_URL | @base64d")
+    # extract host and port
+    HOST=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 1)
+    # extract database name
+    DATABASE_NAME=$(echo "$URL" | awk -F'/' '{print $NF}')
+    # extract protocol/jdbc
+    PROTOCOL=$(echo $URL | awk -F'://' '{print $1}')
+    # extract remote port
+    REMOTE_PORT=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 2)
+    # if custom local port not provided, use remote port
+    if [ -z "$2" ]; then
+        LOCAL_PORT=$REMOTE_PORT
+    else
+        LOCAL_PORT=$2
+    fi
+    # generate random hex string
+    RANDOM_HEX=$(openssl rand -hex 4)
+    # start port forwarding
+    kubectl run port-forward-pod-${RANDOM_HEX} --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT} --env="REMOTE_HOST=$HOST" --env="LOCAL_PORT=$LOCAL_PORT" --env="REMOTE_PORT=$REMOTE_PORT" --namespace ${namespace}; 
+    # wait for pod to start
+    kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX} --timeout=30s --namespace ${namespace}
+    printf "\nPort forwarding started, connecting to $HOST:$REMOTE_PORT \n"
+    printf "\n****************************************************\n"
+    printf "Connect to ${PROTOCOL}://localhost:$LOCAL_PORT/$DATABASE_NAME locally\n"
+    printf "Press Ctrl+C to stop port forwarding \n"
+    printf "****************************************************\n\n"
+    # start the local port forwarding session
+    kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX} $LOCAL_PORT:$LOCAL_PORT;
+}
+
+fail() {
+    printf "\n\nPort forwarding failed"
+    kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace}
+    exit 1
+}
+
+ctrl_c() {
+    printf "\n\nStopping port forwarding"
+    kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0  --namespace ${namespace}
+    exit 0
+}
+
+if [ -z "$1" ]; then
+    echo "env not provided"
+    echo "Usage: rds-connect.sh <env>"
+    exit 1
+fi
+main $1 $2