seth
/
video-iac
mirror of https://bitbucket.org/jamkazam/video-iac.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Try to sync crds always with pre-commit

This commit is contained in:
Seth Call 2025-12-12 15:31:23 -06:00
parent 4261fda83b
commit 38d025f5c3
12 changed files with 210 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -8,6 +8,14 @@ This README would normally document whatever steps are necessary to get your app
* Version * Version
* [Learn Markdown](https://bitbucket.org/tutorials/markdowndemo) * [Learn Markdown](https://bitbucket.org/tutorials/markdowndemo)
### Development Setup
1. **Install Pre-commit Hooks** (Required for CRD management):
```bash
./scripts/setup-hooks.sh
```
This ensures that `k8s/crds/all-crds.yaml` is automatically updated whenever you modify the monitoring Helm chart.
### How do I get set up? ### ### How do I get set up? ###
* Summary of set up * Summary of set up

30
k8s/applications/templates/crds.yaml Normal file
View File

@ -0,0 +1,30 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: crds
annotations:
argocd.argoproj.io/sync-wave: "-1"
spec:
destination:
namespace: argocd
server: 'https://kubernetes.default.svc'
source:
path: k8s/crds
repoURL: 'git@bitbucket.org:jamkazam/video-iac.git'
targetRevision: {{ .Values.gitBranch }}
directory:
recurse: true
project: default
syncPolicy:
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
- Replace=true
automated:
prune: true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m

0
k8s/all-crds.yaml → k8s/crds/all-crds.yaml
View File

6
k8s/monitoring/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: kube-prometheus-stack
repository: https://prometheus-community.github.io/helm-charts
version: 75.12.0
digest: sha256:25f6a7f78be5ec8769638a6fe2b1abec19ce550001941be206eb928db96e09ee
generated: "2025-07-19T09:35:10.545302-05:00"

2
k8s/monitoring/values-production.yaml
View File

@ -5,6 +5,8 @@ rbac:
kube-prometheus-stack: kube-prometheus-stack:
crds:
enabled: false
# Disable the default ServiceMonitor configuration paths to prevent duplicates # Disable the default ServiceMonitor configuration paths to prevent duplicates
prometheus-node-exporter: prometheus-node-exporter:

2
k8s/monitoring/values-staging.yaml
View File

@ -5,6 +5,8 @@ rbac:
kube-prometheus-stack: kube-prometheus-stack:
crds:
enabled: false
# Disable the default ServiceMonitor configuration paths to prevent duplicates # Disable the default ServiceMonitor configuration paths to prevent duplicates
prometheus-node-exporter: prometheus-node-exporter:

41
scripts/setup-hooks.sh Executable file
View File

@ -0,0 +1,41 @@
#!/bin/bash
set -e
HOOK_DIR=".git/hooks"
HOOK_FILE="${HOOK_DIR}/pre-commit"
if [ ! -d ".git" ]; then
echo "Error: .git directory not found. Run this from the repo root."
exit 1
fi
echo "Installing pre-commit hook..."
cat > "${HOOK_FILE}" << 'EOF'
#!/bin/bash
# Auto-update CRDs if monitoring chart changes
CHART_DIR="k8s/monitoring/charts"
CRD_SCRIPT="scripts/update-crds.sh"
CRD_FILE="k8s/crds/all-crds.yaml"
# Check if chart directory has staged changes
if git diff --cached --name-only | grep -q "^${CHART_DIR}"; then
echo "Monitoring chart changed. Updating CRDs..."
if [ -f "${CRD_SCRIPT}" ]; then
./${CRD_SCRIPT}
# Check if CRD file changed
if git diff --name-only "${CRD_FILE}" | grep -q "${CRD_FILE}"; then
echo "CRDs updated. Adding to commit..."
git add "${CRD_FILE}"
fi
else
echo "Warning: ${CRD_SCRIPT} not found. Skipping CRD update."
fi
fi
EOF
chmod +x "${HOOK_FILE}"
echo "Pre-commit hook installed!"

43
scripts/test_coturn.bash Executable file
View File

@ -0,0 +1,43 @@
#!/bin/bash
# ----------------Configuration-----------------
# CRITICAL: Replace "YourSecretKeyHere" with your actual static-auth-secret
SECRET="j@mk@Z@3"
IDENTIFIER="testuser1"
DURATION=86400 # Validity duration in seconds (e.g., 600 = 10 minutes)
SERVER_IP="198.58.104.114"
# ----------------------------------------------
echo "--- Generating Ephemeral Credentials ---"
# 1. Calculate the expiration timestamp (Current time + duration)
# This calculation works reliably on both Linux and macOS
EXPIRATION=$(( $(date +%s) + $DURATION ))
# 2. Construct the Username (format: <expiration>:<identifier>)
USERNAME="${EXPIRATION}:${IDENTIFIER}"
# 3. Generate the Password (HMAC-SHA1 hash of the username, keyed by the secret, then Base64 encoded)
# CRITICAL: 'echo -n' ensures no trailing newline is added to the username before hashing.
# Omitting -n is the most common cause of authentication failure with this mechanism.
PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64)
# 4. Print the credentials
echo "--------------------------------------------------"
echo "Generated Username: $USERNAME"
echo "Generated Password: $PASSWORD"
# Optional: Print the start of the secret to verify which one is being used
# echo "Secret Used (start): ${SECRET:0:5}..."
echo "--------------------------------------------------"
echo ""
# 5. Invoke turnutils_uclient
echo "--- Invoking turnutils_uclient against $SERVER_IP ---"
# Flags used:
# -y: Use the server address as the remote peer address for the test loopback.
# This allows the client to verify that the relay is functional by sending data through it back to itself.
# -v: Verbose output.
# -u: Username.
# -w: Password.
turnutils_uclient -e 136.49.107.143 -v -u "$USERNAME" -w "$PASSWORD" $SERVER_IP

43
scripts/test_coturn_prd.bash Executable file
View File

@ -0,0 +1,43 @@
#!/bin/bash
# ----------------Configuration-----------------
# CRITICAL: Replace "YourSecretKeyHere" with your actual static-auth-secret
SECRET="j@mk@Z@3"
IDENTIFIER="testuser1"
DURATION=86400 # Validity duration in seconds (e.g., 600 = 10 minutes)
SERVER_IP="coturn.video.jamkazam.com"
# ----------------------------------------------
echo "--- Generating Ephemeral Credentials ---"
# 1. Calculate the expiration timestamp (Current time + duration)
# This calculation works reliably on both Linux and macOS
EXPIRATION=$(( $(date +%s) + $DURATION ))
# 2. Construct the Username (format: <expiration>:<identifier>)
USERNAME="${EXPIRATION}:${IDENTIFIER}"
# 3. Generate the Password (HMAC-SHA1 hash of the username, keyed by the secret, then Base64 encoded)
# CRITICAL: 'echo -n' ensures no trailing newline is added to the username before hashing.
# Omitting -n is the most common cause of authentication failure with this mechanism.
PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64)
# 4. Print the credentials
echo "--------------------------------------------------"
echo "Generated Username: $USERNAME"
echo "Generated Password: $PASSWORD"
# Optional: Print the start of the secret to verify which one is being used
# echo "Secret Used (start): ${SECRET:0:5}..."
echo "--------------------------------------------------"
echo ""
# 5. Invoke turnutils_uclient
echo "--- Invoking turnutils_uclient against $SERVER_IP ---"
# Flags used:
# -y: Use the server address as the remote peer address for the test loopback.
# This allows the client to verify that the relay is functional by sending data through it back to itself.
# -v: Verbose output.
# -u: Username.
# -w: Password.
turnutils_uclient -e 136.49.107.143 -v -u "$USERNAME" -w "$PASSWORD" $SERVER_IP

17
scripts/test_turn Executable file
View File

@ -0,0 +1,17 @@
# 1. Set your secret
SECRET="j@mk@Z@3"
# 2. Create a username (Current time + 1 day expiration : "testuser")
# $(date +%s) gets current timestamp, 86400 is 24 hours in seconds
TIMESTAMP=$(($(date +%s) + 86400))
USERNAME="${TIMESTAMP}:testuser"
# 3. Generate the password
PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64)
# 4. Print results
echo "Username: $USERNAME"
echo "Password: $PASSWORD"
turnutils_uclient -y -v -u "$USERNAME" -w "$PASSWORD" coturn.video.jamkazam.com

17
scripts/test_turn_playground Executable file
View File

@ -0,0 +1,17 @@
# 1. Set your secret
SECRET="j@mk@Z@3"
# 2. Create a username (Current time + 1 day expiration : "testuser")
# $(date +%s) gets current timestamp, 86400 is 24 hours in seconds
TIMESTAMP=$(($(date +%s) + 86400))
USERNAME="${TIMESTAMP}:testuser"
# 3. Generate the password
PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64)
# 4. Print results
echo "Username: $USERNAME"
echo "Password: $PASSWORD"
turnutils_uclient -y -v -u "$USERNAME" -w "$PASSWORD" 198.58.104.114

2
scripts/update-crds.sh
View File

@ -5,7 +5,7 @@ set -e
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
ROOT_DIR="${SCRIPT_DIR}/.." ROOT_DIR="${SCRIPT_DIR}/.."
CHART_PATH="${ROOT_DIR}/k8s/monitoring/charts/kube-prometheus-stack-75.12.0.tgz" CHART_PATH="${ROOT_DIR}/k8s/monitoring/charts/kube-prometheus-stack-75.12.0.tgz"
OUTPUT_FILE="${ROOT_DIR}/k8s/all-crds.yaml" OUTPUT_FILE="${ROOT_DIR}/k8s/crds/all-crds.yaml"
TEMP_DIR=$(mktemp -d) TEMP_DIR=$(mktemp -d)
echo "Extracting CRDs from ${CHART_PATH}..." echo "Extracting CRDs from ${CHART_PATH}..."