Try to sync crds always with pre-commit

2025-12-12 15:31:23 -06:00 · 2025-12-12 15:31:23 -06:00 · 38d025f5c3
parent 4261fda83b
commit 38d025f5c3
12 changed files with 210 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -8,6 +8,14 @@ This README would normally document whatever steps are necessary to get your app
 * Version
 * [Learn Markdown](https://bitbucket.org/tutorials/markdowndemo)

+### Development Setup
+
+1.  **Install Pre-commit Hooks** (Required for CRD management):
+    ```bash
+    ./scripts/setup-hooks.sh
+    ```
+    This ensures that `k8s/crds/all-crds.yaml` is automatically updated whenever you modify the monitoring Helm chart.
+
 ### How do I get set up? ###

 * Summary of set up
--- a/k8s/applications/templates/crds.yaml
+++ b/k8s/applications/templates/crds.yaml
@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: crds
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  destination:
+    namespace: argocd
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: k8s/crds
+    repoURL: 'git@bitbucket.org:jamkazam/video-iac.git'
+    targetRevision: {{ .Values.gitBranch }}
+    directory:
+      recurse: true
+  project: default
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+      - Replace=true
+    automated: 
+      prune: true 
+    retry:
+      limit: 5 
+      backoff:
+        duration: 5s 
+        factor: 2 
+        maxDuration: 3m 
--- a/k8s/crds/all-crds.yaml
+++ b/k8s/crds/all-crds.yaml
--- a/k8s/monitoring/Chart.lock
+++ b/k8s/monitoring/Chart.lock
@ -0,0 +1,6 @@
+dependencies:
+- name: kube-prometheus-stack
+  repository: https://prometheus-community.github.io/helm-charts
+  version: 75.12.0
+digest: sha256:25f6a7f78be5ec8769638a6fe2b1abec19ce550001941be206eb928db96e09ee
+generated: "2025-07-19T09:35:10.545302-05:00"
--- a/k8s/monitoring/values-production.yaml
+++ b/k8s/monitoring/values-production.yaml
@ -5,6 +5,8 @@ rbac:


 kube-prometheus-stack:
+  crds:
+    enabled: false

  # Disable the default ServiceMonitor configuration paths to prevent duplicates
  prometheus-node-exporter:
--- a/k8s/monitoring/values-staging.yaml
+++ b/k8s/monitoring/values-staging.yaml
@ -5,6 +5,8 @@ rbac:


 kube-prometheus-stack:
+  crds:
+    enabled: false

  # Disable the default ServiceMonitor configuration paths to prevent duplicates
  prometheus-node-exporter:
--- a/scripts/setup-hooks.sh
+++ b/scripts/setup-hooks.sh
@ -0,0 +1,41 @@
+#!/bin/bash
+set -e
+
+HOOK_DIR=".git/hooks"
+HOOK_FILE="${HOOK_DIR}/pre-commit"
+
+if [ ! -d ".git" ]; then
+  echo "Error: .git directory not found. Run this from the repo root."
+  exit 1
+fi
+
+echo "Installing pre-commit hook..."
+
+cat > "${HOOK_FILE}" << 'EOF'
+#!/bin/bash
+# Auto-update CRDs if monitoring chart changes
+
+CHART_DIR="k8s/monitoring/charts"
+CRD_SCRIPT="scripts/update-crds.sh"
+CRD_FILE="k8s/crds/all-crds.yaml"
+
+# Check if chart directory has staged changes
+if git diff --cached --name-only | grep -q "^${CHART_DIR}"; then
+  echo "Monitoring chart changed. Updating CRDs..."
+  
+  if [ -f "${CRD_SCRIPT}" ]; then
+    ./${CRD_SCRIPT}
+    
+    # Check if CRD file changed
+    if git diff --name-only "${CRD_FILE}" | grep -q "${CRD_FILE}"; then
+      echo "CRDs updated. Adding to commit..."
+      git add "${CRD_FILE}"
+    fi
+  else
+    echo "Warning: ${CRD_SCRIPT} not found. Skipping CRD update."
+  fi
+fi
+EOF
+
+chmod +x "${HOOK_FILE}"
+echo "Pre-commit hook installed!"
--- a/scripts/test_coturn.bash
+++ b/scripts/test_coturn.bash
@ -0,0 +1,43 @@
+#!/bin/bash
+
+# ----------------Configuration-----------------
+# CRITICAL: Replace "YourSecretKeyHere" with your actual static-auth-secret
+SECRET="j@mk@Z@3"
+IDENTIFIER="testuser1"
+DURATION=86400 # Validity duration in seconds (e.g., 600 = 10 minutes)
+SERVER_IP="198.58.104.114"
+# ----------------------------------------------
+
+echo "--- Generating Ephemeral Credentials ---"
+
+# 1. Calculate the expiration timestamp (Current time + duration)
+# This calculation works reliably on both Linux and macOS
+EXPIRATION=$(( $(date +%s) + $DURATION ))
+
+# 2. Construct the Username (format: <expiration>:<identifier>)
+USERNAME="${EXPIRATION}:${IDENTIFIER}"
+
+# 3. Generate the Password (HMAC-SHA1 hash of the username, keyed by the secret, then Base64 encoded)
+# CRITICAL: 'echo -n' ensures no trailing newline is added to the username before hashing.
+# Omitting -n is the most common cause of authentication failure with this mechanism.
+PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64)
+
+# 4. Print the credentials
+echo "--------------------------------------------------"
+echo "Generated Username: $USERNAME"
+echo "Generated Password: $PASSWORD"
+# Optional: Print the start of the secret to verify which one is being used
+# echo "Secret Used (start): ${SECRET:0:5}..."
+echo "--------------------------------------------------"
+echo ""
+
+# 5. Invoke turnutils_uclient
+echo "--- Invoking turnutils_uclient against $SERVER_IP ---"
+# Flags used:
+# -y: Use the server address as the remote peer address for the test loopback.
+#     This allows the client to verify that the relay is functional by sending data through it back to itself.
+# -v: Verbose output.
+# -u: Username.
+# -w: Password.
+
+turnutils_uclient  -e 136.49.107.143 -v -u "$USERNAME" -w "$PASSWORD" $SERVER_IP
--- a/scripts/test_coturn_prd.bash
+++ b/scripts/test_coturn_prd.bash
@ -0,0 +1,43 @@
+#!/bin/bash
+
+# ----------------Configuration-----------------
+# CRITICAL: Replace "YourSecretKeyHere" with your actual static-auth-secret
+SECRET="j@mk@Z@3"
+IDENTIFIER="testuser1"
+DURATION=86400 # Validity duration in seconds (e.g., 600 = 10 minutes)
+SERVER_IP="coturn.video.jamkazam.com"
+# ----------------------------------------------
+
+echo "--- Generating Ephemeral Credentials ---"
+
+# 1. Calculate the expiration timestamp (Current time + duration)
+# This calculation works reliably on both Linux and macOS
+EXPIRATION=$(( $(date +%s) + $DURATION ))
+
+# 2. Construct the Username (format: <expiration>:<identifier>)
+USERNAME="${EXPIRATION}:${IDENTIFIER}"
+
+# 3. Generate the Password (HMAC-SHA1 hash of the username, keyed by the secret, then Base64 encoded)
+# CRITICAL: 'echo -n' ensures no trailing newline is added to the username before hashing.
+# Omitting -n is the most common cause of authentication failure with this mechanism.
+PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64)
+
+# 4. Print the credentials
+echo "--------------------------------------------------"
+echo "Generated Username: $USERNAME"
+echo "Generated Password: $PASSWORD"
+# Optional: Print the start of the secret to verify which one is being used
+# echo "Secret Used (start): ${SECRET:0:5}..."
+echo "--------------------------------------------------"
+echo ""
+
+# 5. Invoke turnutils_uclient
+echo "--- Invoking turnutils_uclient against $SERVER_IP ---"
+# Flags used:
+# -y: Use the server address as the remote peer address for the test loopback.
+#     This allows the client to verify that the relay is functional by sending data through it back to itself.
+# -v: Verbose output.
+# -u: Username.
+# -w: Password.
+
+turnutils_uclient  -e 136.49.107.143 -v -u "$USERNAME" -w "$PASSWORD" $SERVER_IP
--- a/scripts/test_turn
+++ b/scripts/test_turn
@ -0,0 +1,17 @@
+# 1. Set your secret
+SECRET="j@mk@Z@3"
+
+# 2. Create a username (Current time + 1 day expiration : "testuser")
+# $(date +%s) gets current timestamp, 86400 is 24 hours in seconds
+TIMESTAMP=$(($(date +%s) + 86400))
+USERNAME="${TIMESTAMP}:testuser"
+
+# 3. Generate the password
+PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64)
+# 4. Print results
+echo "Username: $USERNAME"
+echo "Password: $PASSWORD"
+
+turnutils_uclient -y -v -u "$USERNAME" -w "$PASSWORD"  coturn.video.jamkazam.com
+
+
--- a/scripts/test_turn_playground
+++ b/scripts/test_turn_playground
@ -0,0 +1,17 @@
+# 1. Set your secret
+SECRET="j@mk@Z@3"
+
+# 2. Create a username (Current time + 1 day expiration : "testuser")
+# $(date +%s) gets current timestamp, 86400 is 24 hours in seconds
+TIMESTAMP=$(($(date +%s) + 86400))
+USERNAME="${TIMESTAMP}:testuser"
+
+# 3. Generate the password
+PASSWORD=$(echo -n $USERNAME | openssl dgst -sha1 -hmac $SECRET -binary | base64)
+# 4. Print results
+echo "Username: $USERNAME"
+echo "Password: $PASSWORD"
+
+turnutils_uclient -y -v -u "$USERNAME" -w "$PASSWORD"  198.58.104.114
+
+
--- a/scripts/update-crds.sh
+++ b/scripts/update-crds.sh
@ -5,7 +5,7 @@ set -e
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 ROOT_DIR="${SCRIPT_DIR}/.."
 CHART_PATH="${ROOT_DIR}/k8s/monitoring/charts/kube-prometheus-stack-75.12.0.tgz"
-OUTPUT_FILE="${ROOT_DIR}/k8s/all-crds.yaml"
+OUTPUT_FILE="${ROOT_DIR}/k8s/crds/all-crds.yaml"
 TEMP_DIR=$(mktemp -d)

 echo "Extracting CRDs from ${CHART_PATH}..."