From 38d025f5c326e08610e85c62f1a7a86b387381b6 Mon Sep 17 00:00:00 2001 From: Seth Call Date: Fri, 12 Dec 2025 15:31:23 -0600 Subject: [PATCH] Try to sync crds always with pre-commit --- README.md | 8 +++++ k8s/applications/templates/crds.yaml | 30 +++++++++++++++++++ k8s/{ => crds}/all-crds.yaml | 0 k8s/monitoring/Chart.lock | 6 ++++ k8s/monitoring/values-production.yaml | 2 ++ k8s/monitoring/values-staging.yaml | 2 ++ scripts/setup-hooks.sh | 41 +++++++++++++++++++++++++ scripts/test_coturn.bash | 43 +++++++++++++++++++++++++++ scripts/test_coturn_prd.bash | 43 +++++++++++++++++++++++++++ scripts/test_turn | 17 +++++++++++ scripts/test_turn_playground | 17 +++++++++++ scripts/update-crds.sh | 2 +- 12 files changed, 210 insertions(+), 1 deletion(-) create mode 100644 k8s/applications/templates/crds.yaml rename k8s/{ => crds}/all-crds.yaml (100%) create mode 100644 k8s/monitoring/Chart.lock create mode 100755 scripts/setup-hooks.sh create mode 100755 scripts/test_coturn.bash create mode 100755 scripts/test_coturn_prd.bash create mode 100755 scripts/test_turn create mode 100755 scripts/test_turn_playground diff --git a/README.md b/README.md index 1c195ca..80ac4d5 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,14 @@ This README would normally document whatever steps are necessary to get your app * Version * [Learn Markdown](https://bitbucket.org/tutorials/markdowndemo) +### Development Setup + +1. **Install Pre-commit Hooks** (Required for CRD management): + ```bash + ./scripts/setup-hooks.sh + ``` + This ensures that `k8s/crds/all-crds.yaml` is automatically updated whenever you modify the monitoring Helm chart. + ### How do I get set up? ### * Summary of set up diff --git a/k8s/applications/templates/crds.yaml b/k8s/applications/templates/crds.yaml new file mode 100644 index 0000000..75993da --- /dev/null +++ b/k8s/applications/templates/crds.yaml 
@@ -0,0 +1,30 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: crds + annotations: + argocd.argoproj.io/sync-wave: "-1" +spec: + destination: + namespace: argocd + server: 'https://kubernetes.default.svc' + source: + path: k8s/crds + repoURL: 'git@bitbucket.org:jamkazam/video-iac.git' + targetRevision: {{ .Values.gitBranch }} + directory: + recurse: true + project: default + syncPolicy: + syncOptions: + - CreateNamespace=true + - ServerSideApply=true + - Replace=true + automated: + prune: true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m diff --git a/k8s/all-crds.yaml b/k8s/crds/all-crds.yaml similarity index 100% rename from k8s/all-crds.yaml rename to k8s/crds/all-crds.yaml diff --git a/k8s/monitoring/Chart.lock b/k8s/monitoring/Chart.lock new file mode 100644 index 0000000..a430564 --- /dev/null +++ b/k8s/monitoring/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: kube-prometheus-stack + repository: https://prometheus-community.github.io/helm-charts + version: 75.12.0 +digest: sha256:25f6a7f78be5ec8769638a6fe2b1abec19ce550001941be206eb928db96e09ee +generated: "2025-07-19T09:35:10.545302-05:00" diff --git a/k8s/monitoring/values-production.yaml b/k8s/monitoring/values-production.yaml index 3366b26..0dc750a 100644 --- a/k8s/monitoring/values-production.yaml +++ b/k8s/monitoring/values-production.yaml @@ -5,6 +5,8 @@ rbac: kube-prometheus-stack: + crds: + enabled: false # Disable the default ServiceMonitor configuration paths to prevent duplicates prometheus-node-exporter: diff --git a/k8s/monitoring/values-staging.yaml b/k8s/monitoring/values-staging.yaml index 5badd4d..b1a2a83 100644 --- a/k8s/monitoring/values-staging.yaml +++ b/k8s/monitoring/values-staging.yaml @@ -5,6 +5,8 @@ rbac: kube-prometheus-stack: + crds: + enabled: false # Disable the default ServiceMonitor configuration paths to prevent duplicates prometheus-node-exporter: 
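Review bot: In `k8s/applications/templates/crds.yaml`, `automated.prune: true` on an Application that holds only CRDs means any CRD missing from `k8s/crds/all-crds.yaml` is deleted from the cluster, and deleting a CRD removes every custom resource of that kind. That file is regenerated by a script and staged by a pre-commit hook, so a truncated or failed regeneration could be enough to trigger it. I would drop `prune: true` here or annotate the CRDs with `argocd.argoproj.io/sync-options: Prune=false`. Separately, `Replace=true` and `ServerSideApply=true` are both listed; as far as I know Argo CD gives Replace precedence, so the server-side apply option is probably inert, and one of the two should go, with a comment saying why the other is needed.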
diff --git a/scripts/setup-hooks.sh b/scripts/setup-hooks.sh
new file mode 100755
index 0000000..eb2f9d9
--- /dev/null
+++ b/scripts/setup-hooks.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -e
+
+HOOK_DIR=".git/hooks"
+HOOK_FILE="${HOOK_DIR}/pre-commit"
+
+if [ ! -d ".git" ]; then
+ echo "Error: .git directory not found. Run this from the repo root."
+ exit 1
+fi
+
+echo "Installing pre-commit hook..."
+
+cat > "${HOOK_FILE}" << 'EOF'
+#!/bin/bash
+# Auto-update CRDs if monitoring chart changes
+
+CHART_DIR="k8s/monitoring/charts"
+CRD_SCRIPT="scripts/update-crds.sh"
+CRD_FILE="k8s/crds/all-crds.yaml"
+
+# Check if chart directory has staged changes
+if git diff --cached --name-only | grep -q "^${CHART_DIR}"; then
+ echo "Monitoring chart changed. Updating CRDs..."
+
+ if [ -f "${CRD_SCRIPT}" ]; then
+ ./${CRD_SCRIPT}
+
+ # Check if CRD file changed
+ if git diff --name-only "${CRD_FILE}" | grep -q "${CRD_FILE}"; then
+ echo "CRDs updated. Adding to commit..."
+ git add "${CRD_FILE}"
+ fi
+ else
+ echo "Warning: ${CRD_SCRIPT} not found. Skipping CRD update."
+ fi
+fi
+EOF
+
+chmod +x "${HOOK_FILE}"
+echo "Pre-commit hook installed!"
diff --git a/scripts/test_coturn.bash b/scripts/test_coturn.bash
new file mode 100755
index 0000000..697ee76
--- /dev/null
+++ b/scripts/test_coturn.bash
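Review bot: The generated pre-commit hook in `scripts/setup-hooks.sh` never checks whether `./${CRD_SCRIPT}` succeeded: the heredoc body has no `set -e`, so a failed or half-finished run of `update-crds.sh` still lets the commit through, and if the output file was partly written the following `git add "${CRD_FILE}"` stages it. I would make the call `"./${CRD_SCRIPT}" || { echo "CRD update failed; aborting commit." >&2; exit 1; }`. The installer also overwrites any existing `.git/hooks/pre-commit` without warning, and the `[ ! -d ".git" ]` test rejects worktrees where `.git` is a file; checking for an existing hook and resolving the directory with `git rev-parse --git-path hooks` would cover both.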
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# ----------------Configuration-----------------
+# CRITICAL: Replace "YourSecretKeyHere" with your actual static-auth-secret
+SECRET="j@mk@Z@3"
+IDENTIFIER="testuser1"
+DURATION=86400 # Validity duration in seconds (e.g., 600 = 10 minutes)
+SERVER_IP="198.58.104.114"
+# ----------------------------------------------
+
+echo "--- Generating Ephemeral Credentials ---"
+
+# 1. Calculate the expiration timestamp (Current time + duration)
+# This calculation works reliably on both Linux and macOS
+EXPIRATION=$(( $(date +%s) + $DURATION ))
+
+# 2. Construct the Username (format: :)
+USERNAME="${EXPIRATION}:${IDENTIFIER}"
+
+# 3. Generate the Password (HMAC-SHA1 hash of the username, keyed by the secret, then Base64 encoded)
+# CRITICAL: 'echo -n' ensures no trailing newline is added to the username before hashing.
+# Omitting -n is the most common cause of authentication failure with this mechanism.
+PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64)
+
+# 4. Print the credentials
+echo "--------------------------------------------------"
+echo "Generated Username: $USERNAME"
+echo "Generated Password: $PASSWORD"
+# Optional: Print the start of the secret to verify which one is being used
+# echo "Secret Used (start): ${SECRET:0:5}..."
+echo "--------------------------------------------------"
+echo ""
+
+# 5. Invoke turnutils_uclient
+echo "--- Invoking turnutils_uclient against $SERVER_IP ---"
+# Flags used:
+# -y: Use the server address as the remote peer address for the test loopback.
+# This allows the client to verify that the relay is functional by sending data through it back to itself.
+# -v: Verbose output.
+# -u: Username.
+# -w: Password.
+
+turnutils_uclient -e 136.49.107.143 -v -u "$USERNAME" -w "$PASSWORD" $SERVER_IP
diff --git a/scripts/test_coturn_prd.bash b/scripts/test_coturn_prd.bash
new file mode 100755
index 0000000..6d0b470
--- /dev/null
+++ b/scripts/test_coturn_prd.bash
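Review bot: The `SECRET=` assignment in `scripts/test_coturn.bash` commits what the comment above it calls the static-auth-secret in plaintext, and the same value is repeated in `scripts/test_coturn_prd.bash`, `scripts/test_turn` and `scripts/test_turn_playground`. Anyone who can read the repository or its history can derive valid TURN credentials for the servers these scripts target, so the secret should be rotated and the scripts should read it from the environment, for example `SECRET="${TURN_STATIC_AUTH_SECRET:?set TURN_STATIC_AUTH_SECRET}"` (variable name is a suggestion). The password line also expands `$USERNAME` and `$SECRET` unquoted and passes the secret on the `openssl` command line, where it is visible in the process list; at minimum quote both, `printf '%s' "$USERNAME" | openssl dgst -sha1 -hmac "$SECRET" -binary | base64`. The script then prints the derived password to stdout, which is worth a comment so it is not run under CI logging.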
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# ----------------Configuration-----------------
+# CRITICAL: Replace "YourSecretKeyHere" with your actual static-auth-secret
+SECRET="j@mk@Z@3"
+IDENTIFIER="testuser1"
+DURATION=86400 # Validity duration in seconds (e.g., 600 = 10 minutes)
+SERVER_IP="coturn.video.jamkazam.com"
+# ----------------------------------------------
+
+echo "--- Generating Ephemeral Credentials ---"
+
+# 1. Calculate the expiration timestamp (Current time + duration)
+# This calculation works reliably on both Linux and macOS
+EXPIRATION=$(( $(date +%s) + $DURATION ))
+
+# 2. Construct the Username (format: :)
+USERNAME="${EXPIRATION}:${IDENTIFIER}"
+
+# 3. Generate the Password (HMAC-SHA1 hash of the username, keyed by the secret, then Base64 encoded)
+# CRITICAL: 'echo -n' ensures no trailing newline is added to the username before hashing.
+# Omitting -n is the most common cause of authentication failure with this mechanism.
+PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64)
+
+# 4. Print the credentials
+echo "--------------------------------------------------"
+echo "Generated Username: $USERNAME"
+echo "Generated Password: $PASSWORD"
+# Optional: Print the start of the secret to verify which one is being used
+# echo "Secret Used (start): ${SECRET:0:5}..."
+echo "--------------------------------------------------"
+echo ""
+
+# 5. Invoke turnutils_uclient
+echo "--- Invoking turnutils_uclient against $SERVER_IP ---"
+# Flags used:
+# -y: Use the server address as the remote peer address for the test loopback.
+# This allows the client to verify that the relay is functional by sending data through it back to itself.
+# -v: Verbose output.
+# -u: Username.
+# -w: Password.
+
+turnutils_uclient -e 136.49.107.143 -v -u "$USERNAME" -w "$PASSWORD" $SERVER_IP
diff --git a/scripts/test_turn b/scripts/test_turn
new file mode 100755
index 0000000..ff13ef4
--- /dev/null
+++ b/scripts/test_turn
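Review bot: The flag comment before the final command in `scripts/test_coturn_prd.bash` documents `-y`, but the command runs `turnutils_uclient -e 136.49.107.143 …`, so the comment describes a loopback test that is not what executes, and the peer address is an unexplained hard-coded literal. The header comments are stale in the same way: `DURATION=86400` is annotated "600 = 10 minutes" and the username format reads `(format: :)`. The file is also a copy of `scripts/test_coturn.bash` differing only in `SERVER_IP`; one script taking the server as an argument, `SERVER_IP="${1:?usage: test_coturn.bash <server>}"`, would remove the duplicate and the risk of running the wrong one against production.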
@@ -0,0 +1,17 @@ +# 1. Set your secret +SECRET="j@mk@Z@3" + +# 2. Create a username (Current time + 1 day expiration : "testuser") +# $(date +%s) gets current timestamp, 86400 is 24 hours in seconds +TIMESTAMP=$(($(date +%s) + 86400)) +USERNAME="${TIMESTAMP}:testuser" + +# 3. Generate the password +PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64) +# 4. Print results +echo "Username: $USERNAME" +echo "Password: $PASSWORD" + +turnutils_uclient -y -v -u "$USERNAME" -w "$PASSWORD" coturn.video.jamkazam.com + + diff --git a/scripts/test_turn_playground b/scripts/test_turn_playground new file mode 100755 index 0000000..af12c85 --- /dev/null +++ b/scripts/test_turn_playground @@ -0,0 +1,17 @@ +# 1. Set your secret +SECRET="j@mk@Z@3" + +# 2. Create a username (Current time + 1 day expiration : "testuser") +# $(date +%s) gets current timestamp, 86400 is 24 hours in seconds +TIMESTAMP=$(($(date +%s) + 86400)) +USERNAME="${TIMESTAMP}:testuser" + +# 3. Generate the password +PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64) +# 4. Print results +echo "Username: $USERNAME" +echo "Password: $PASSWORD" + +turnutils_uclient -y -v -u "$USERNAME" -w "$PASSWORD" 198.58.104.114 + + diff --git a/scripts/update-crds.sh b/scripts/update-crds.sh index b8ca67f..3cd6947 100755 --- a/scripts/update-crds.sh +++ b/scripts/update-crds.sh @@ -5,7 +5,7 @@ set -e SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" ROOT_DIR="${SCRIPT_DIR}/.." CHART_PATH="${ROOT_DIR}/k8s/monitoring/charts/kube-prometheus-stack-75.12.0.tgz" -OUTPUT_FILE="${ROOT_DIR}/k8s/all-crds.yaml" +OUTPUT_FILE="${ROOT_DIR}/k8s/crds/all-crds.yaml" TEMP_DIR=$(mktemp -d) echo "Extracting CRDs from ${CHART_PATH}..."
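Review bot: `scripts/test_turn` and `scripts/test_turn_playground` are added with mode 100755 but start with a comment rather than a shebang, so the interpreter depends on how they are launched. That matters here because `echo -n` is not portable across `sh` implementations, and a literal `-n` or a trailing newline in the HMAC input produces a password the server rejects. I would add `#!/bin/bash` as the first line and build the password with `printf '%s' "$USERNAME" | openssl dgst -sha1 -hmac "$SECRET" -binary | base64`. The two files differ only in the target host, so a single script taking the host as `$1` would do.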