fix: remove obsolete scripts (#7720)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2023-06-30 16:14:25 +02:00 · 2023-06-30 16:14:25 +02:00 · a30089f483
commit a30089f483
parent ec549b99cb
8 changed files with 0 additions and 496 deletions
--- a/scripts/README.md
+++ b/scripts/README.md
@ -1,22 +0,0 @@
-Use these scripts to prepare the controller for work.
-All these scripts should be launched from the root folder of the project.
-
-### generate-server-cert.sh ###
-Generates TLS certificate and key that used by webhook server. Example:
-`scripts/generate-server-cert.sh --service=kyverno-svc --namespace=my_namespace --serverIp=192.168.10.117`
-* `--service` identifies the service for in-cluster webhook server. Do not specify it if you plan to run webhook server outside the cluster, or cpecify 'localhost' if you want to run controller locally.
-* `--namespace` identifies the namespace for in-cluster webhook server. Do not specify it if you plan to run controller locally.
-* `--serverIp` is the IP of master node, it can be found in `~/.kube/config`: clusters.cluster[0].server. You should explicitly specify it.
-
-### deploy-controller.sh ###
-Prepares controller for free (local) or in-cluster use. Uses `generate-server-cert.sh` inside and has the same parameters with almost same meaning:
-* `--service` - the name of the service which will be created for the controller. Use 'localhost' value to deploy controller locally. The default is 'kube-policu-svc'
-* `--namespace` - the target namespace to deploy the controller. Do not specify it if you want to depoloy controller locally.
-* `--serverIp` means the same as for `generate-server-cert.sh`
-Examples:
-`scripts/deploy-controller.sh --service=my-kyverno --namespace=my_namespace --serverIp=192.168.10.117` - deploy controller to the cluster with master node '192.168.10.117' to the namespace 'my_namespace' as a service 'my-kyverno'
-`scripts/deploy-controller.sh --service=localhost --serverIp=192.168.10.117` - deploy controller locally for usage in cluster with master node at '192.168.10.117'
-
-
-### update-codegen.sh ###
-Generates additional code for controller object. You should resolve all dependencies before using it, see main Readme for details.
--- a/scripts/create-e2e-infrastruture.sh
+++ b/scripts/create-e2e-infrastruture.sh
@ -1,27 +0,0 @@
-#!/bin/sh
-set -e
-
-pwd=$(pwd)
-hash=$(git describe --match "[0-9].[0-9]-dev*")
-#
-## Install Kind
-curl -Lo "$pwd"/kind https://kind.sigs.k8s.io/dl/v0.11.0/kind-linux-amd64
-chmod a+x "$pwd"/kind
-
-## Create Kind Cluster
-if [ -z "${KIND_IMAGE}" ]; then
-    "$pwd"/kind create cluster
-else
-    "$pwd"/kind create cluster --image="${KIND_IMAGE}"
-fi
-
-"$pwd"/kind load docker-image ghcr.io/kyverno/kyverno:"$hash"
-"$pwd"/kind load docker-image ghcr.io/kyverno/kyvernopre:"$hash"
-
-pwd=$(pwd)
-cd "$pwd"/config
-echo "Installing kustomize"
-curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/56d82a8378dfc8dc3b3b1085e5a6e67b82966bd7/hack/install_kustomize.sh"  | bash  # v4.5.7
-kustomize edit set image ghcr.io/kyverno/kyverno:"$hash"
-kustomize edit set image ghcr.io/kyverno/kyvernopre:"$hash"
-kustomize build "$pwd"/config/ -o "$pwd"/config/install.yaml
--- a/scripts/deploy-controller-debug.sh
+++ b/scripts/deploy-controller-debug.sh
@ -1,35 +0,0 @@
-#!/bin/bash
-
-for i in "$@"
-do
-case $i in
-    --service=*)
-    service="${i#*=}"
-    shift
-    ;;
-    --serverIP=*)
-    serverIP="${i#*=}"
-    shift
-    ;;
-esac
-done
-
-if [ -z "${serverIP}" ]; then
-  echo -e "Please specify '--serverIP' where Kyverno controller runs."
-  exit 1
-fi
-
-if [ -z "${service}" ]; then
-  service="localhost"
-fi
-
-echo "service is $service"
-echo "serverIP is $serverIP"
-
-echo "Generating certificate for the service ${service}..."
-
-certsGenerator="./scripts/generate-self-signed-cert-and-k8secrets-debug.sh"
-chmod +x "${certsGenerator}"
-
-${certsGenerator} "--service=${service}" "--serverIP=${serverIP}" || exit 2
-echo -e "\n### You can build and run kyverno project locally.\n### To check its work, run it with flags --kubeconfig and --serverIP parameters."
--- a/scripts/deploy-controller.sh
+++ b/scripts/deploy-controller.sh
@ -1,63 +0,0 @@
-#!/bin/bash
-
-for i in "$@"
-do
-case $i in
-    --service=*)
-    service_name="${i#*=}"
-    shift
-    ;;
-    --namespace=*)
-    namespace="${i#*=}"
-    shift
-    ;;
-    --serverIp=*)
-    serverIp="${i#*=}"
-    shift
-    ;;
-esac
-done
-
-hub_user_name="nirmata"
-project_name="kyverno"
-
-if [ -z "${service_name}" ]; then
-  service_name="${project_name}-svc"
-fi
-echo "Generating certificate for the service ${service_name}..."
-
-certsGenerator="./scripts/generate-server-cert.sh"
-chmod +x "${certsGenerator}"
-
-if [ -z "${namespace}" ]; then # controller should be launched locally
-
-  ${certsGenerator} "--service=${service_name}" "--serverIp=${serverIp}" || exit 2
-
-  kubectl delete -f config/install.yaml
-  kubectl create -f config/install.yaml || exit 3
-
-  echo -e "\n### You can build and run kyverno project locally.\n### To check its work, run it with parameters -cert, -key and -kubeconfig parameters (see paths of -cert and -key in the log above)."
-
-else # controller should be launched within a cluster
-
-  ${certsGenerator} "--service=${service_name}" "--namespace=${namespace}" "--serverIp=${serverIp}" || exit 2
-
-  secret_name="${project_name}-secret"
-  echo "Generating secret ${secret_name}..."
-  kubectl delete secret "${secret_name}" 2>/dev/null
-  kubectl create secret generic "${secret_name}" --namespace "${namespace}" --from-file=./certs || exit 3
-
-  echo "Creating the service ${service_name}..."
-  kubectl delete -f crd/service.yaml
-  kubectl create -f crd/service.yaml || exit 4
-
-  echo "Creating deployment..."
-  kubectl delete -f crd/deployment.yaml
-  kubectl create -f crd/deployment.yaml || exit 5
-
-  kubectl delete -f crd/crd.yaml
-  kubectl create -f crd/crd.yaml || exit 3
-
-  echo -e "\n### Controller is running in cluster.\n### You can use compile-image.sh to rebuild its image and then the current script to redeploy the controller.\n### Check its work by 'kubectl logs <controller_pod> command'"
-
-fi
--- a/scripts/generate-self-signed-cert-and-k8secrets-debug.sh
+++ b/scripts/generate-self-signed-cert-and-k8secrets-debug.sh
@ -1,75 +0,0 @@
-#!/bin/bash
-
-for i in "$@"
-do
-case $i in
-    --service=*)
-    service="${i#*=}"
-    shift
-    ;;
-    --serverIP=*)
-    serverIP="${i#*=}"
-    shift
-    ;;
-esac
-done
-
-if [ "$service" == "" ]; then
-    service="kyverno-svc"
-fi
-
-destdir="certs"
-if [ ! -d "$destdir" ]; then
-  mkdir ${destdir} || exit 1
-fi
-
-tmpdir=$(mktemp -d)
-cat <<EOF >> ${tmpdir}/csr.conf
-[req]
-req_extensions      = v3_req
-distinguished_name  = req_distinguished_name
-[req_distinguished_name]
-[ v3_req ]
-basicConstraints    = CA:FALSE
-keyUsage            = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage    = serverAuth
-subjectAltName      = @alt_names
-[alt_names]
-DNS.1               = ${service}
-IP.1                = ${serverIP}
-EOF
-
-if [ ! -z "${service}" ]; then
-    subjectCN="${service}"
-else
-  subjectCN=${serverIP}
-fi
-
-echo "Generating self-signed certificate for CN=${subjectCN}"
-# generate priv key for root CA
-openssl genrsa -out ${destdir}/rootCA.key 4096 
-# generate root CA
-openssl req -x509 -new -nodes -key ${destdir}/rootCA.key -sha256 -days 1024 -out ${destdir}/rootCA.crt -subj "/CN=${subjectCN}"
-# generate priv key
-openssl genrsa -out ${destdir}/webhook.key 4096
-# generate certificate
-openssl req -new -key ${destdir}/webhook.key -out ${destdir}/webhook.csr -subj "/CN=${subjectCN}" -config ${tmpdir}/csr.conf
-# sign the certificate using the root CA
-openssl x509 -req -in ${destdir}/webhook.csr -CA ${destdir}/rootCA.crt -CAkey ${destdir}/rootCA.key -CAcreateserial -out ${destdir}/webhook.crt -days 1024 -sha256 -extensions v3_req  -extfile ${tmpdir}/csr.conf
-
-
-kubectl delete -f config/install_debug.yaml 2>/dev/null
-kubectl delete namespace kyverno 2>/dev/null
-
-echo "Generating corresponding kubernetes secrets for TLS pair and root CA"
-# create project namespace
-kubectl create ns kyverno
-# create tls pair secret
-kubectl -n kyverno create secret tls ${service}.kyverno.svc.kyverno-tls-pair --cert=${destdir}/webhook.crt --key=${destdir}/webhook.key
-# annotate tls pair secret to specify use of self-signed certificates and check if root CA is created as secret
-kubectl annotate secret ${service}.kyverno.svc.kyverno-tls-pair -n kyverno self-signed-cert=true
-# create root CA secret
-kubectl -n kyverno create secret generic ${service}.kyverno.svc.kyverno-tls-ca --from-file=${destdir}/rootCA.crt
-
-echo "Creating CRD"
-kubectl apply -f config/install_debug.yaml
--- a/scripts/generate-self-signed-cert-and-k8secrets.sh
+++ b/scripts/generate-self-signed-cert-and-k8secrets.sh
@ -1,54 +0,0 @@
-#!/bin/bash
-
-
-for i in "$@"
-do
-case $i in
-    --service=*)
-    service="${i#*=}"
-    shift
-    ;;
-    --namespace=*)
-    namespace="${i#*=}"
-    shift
-    ;;
-esac
-done
-
-if [ "$service" == "" ]; then
-    service="kyverno-svc"
-fi
-
-
-if [ "$namespace" == "" ]; then
-    namespace="kyverno"
-fi
-
-echo "service is $service"
-echo "namespace is $namespace"
-
-echo "Generating self-signed certificate"
-# generate priv key for root CA
-openssl genrsa -out rootCA.key 4096
-# generate root CA
-openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt -subj "/C=US/ST=test/L=test /O=test /OU=PIB/CN=*.${namespace}.svc/emailAddress=test@test.com"
-# generate priv key
-openssl genrsa -out webhook.key 4096
-# generate certificate
-openssl req -new -key webhook.key -out webhook.csr -subj "/C=US/ST=test /L=test /O=test /OU=PIB/CN=${service}.${namespace}.svc/emailAddress=test@test.com"
-
-# generate SANs
-echo "subjectAltName = DNS:kyverno-svc,DNS:${service}.${namespace},DNS:${service}.${namespace}.svc" >> webhook.ext
-
-# sign the certificate using the root CA
-openssl x509 -req -in webhook.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out webhook.crt -days 1024 -sha256
-
-echo "Generating corresponding kubernetes secrets for TLS pair and root CA"
-# create project namespace
-kubectl create ns ${namespace}
-# create tls pair secret
-kubectl -n ${namespace} create secret tls ${service}.${namespace}.svc.kyverno-tls-pair --cert=webhook.crt --key=webhook.key
-# annotate tls pair secret to specify use of self-signed certificates and check if root CA is created as secret
-kubectl annotate secret ${service}.${namespace}.svc.kyverno-tls-pair -n ${namespace} self-signed-cert=true
-# create root CA secret
-kubectl -n ${namespace} create secret generic ${service}.${namespace}.svc.kyverno-tls-ca --from-file=rootCA.crt
--- a/scripts/generate-server-cert.sh
+++ b/scripts/generate-server-cert.sh
@ -1,88 +0,0 @@
-#!/bin/bash
-
-for i in "$@"
-do
-case $i in
-    --service=*)
-    service="${i#*=}"
-    shift
-    ;;
-    --namespace=*)
-    namespace="${i#*=}"
-    shift
-    ;;
-    --serverIp=*)
-    serverIp="${i#*=}"
-    shift
-    ;;
-esac
-done
-
-echo "service is $service"
-echo "namespace is $namespace"
-echo "serverIp is $serverIp"
-
-destdir="certs"
-if [ ! -d "$destdir" ]; then
-  mkdir ${destdir} || exit 1
-fi
-tmpdir=$(mktemp -d)
-
-cat <<EOF >> "${tmpdir}/csr.conf"
-[req]
-req_extensions = v3_req
-distinguished_name = req_distinguished_name
-[req_distinguished_name]
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth
-subjectAltName = @alt_names
-[alt_names]
-DNS.1 = ${service}
-DNS.2 = ${service}.${namespace}
-DNS.3 = ${service}.${namespace}.svc
-DNS.4 = ${serverIp}
-EOF
-
-outKeyFile=${destdir}/server-key.pem
-outCertFile=${destdir}/server.crt
-
-openssl genrsa -out ${outKeyFile} 2048 || exit 2
-
-if [ ! -z "${service}" ]; then
-  if [ ! -z "${namespace}" ]; then
-    subjectCN="${service}.${namespace}.svc"
-  else
-    subjectCN="${service}"
-  fi
-else
-  subjectCN="${serverIp}"
-fi
-echo "Generating certificate for CN=${subjectCN}"
-openssl req -new -key "${destdir}/server-key.pem" -subj "/CN=${subjectCN}" -out "${tmpdir}/server.csr" -config "${tmpdir}/csr.conf" || exit 3
-
-CSR_NAME=${service}.cert-request
-kubectl delete csr "${CSR_NAME}" 2>/dev/null
-
-cat <<EOF | kubectl create -f -
-apiVersion: certificates.k8s.io/v1beta1
-kind: CertificateSigningRequest
-metadata:
-  name: "${CSR_NAME}"
-spec:
-  groups:
-  - system:authenticated
-  request: $(cat "${tmpdir}/server.csr" | base64 | tr -d '\n')
-  usages:
-  - digital signature
-  - key encipherment
-  - server auth
-EOF
-
-kubectl certificate approve "${CSR_NAME}" || exit 4
-kubectl get csr "${CSR_NAME}" -o jsonpath='{.status.certificate}' | base64 --decode > "${outCertFile}" || exit 5
-
-echo "Generated:"
-echo "${outKeyFile}"
-echo "${outCertFile}"
--- a/scripts/verify-deployment.sh
+++ b/scripts/verify-deployment.sh
@ -1,132 +0,0 @@
-#!/bin/bash
-# Waits for a deployment to complete.
-#
-# Includes a two-step approach:
-#
-# 1. Wait for the observed generation to match the specified one.
-# 2. Waits for the number of available replicas to match the specified one.
-#
-
-set -o errexit
-set -o pipefail
-set -o nounset
-# -m enables job control which is otherwise only enabled in interactive mode
-set -m
-
-DEFAULT_TIMEOUT=60
-DEFAULT_NAMESPACE=default
-
-monitor_timeout() {
-  local -r wait_pid="$1"
-  sleep "${timeout}"
-  echo "Timeout ${timeout} exceeded" >&2
-  kubectl --namespace "${namespace}" get pods
-  docker images | grep "kyverno"
-  kubectl --namespace "${namespace}" describe deployment "${deployment}"
-  kubectl --namespace "${namespace}" logs -l app=kyverno
-  kill "${wait_pid}"
-}
-
-get_generation() {
-  get_deployment_jsonpath '{.metadata.generation}'
-}
-
-get_observed_generation() {
-  get_deployment_jsonpath '{.status.observedGeneration}'
-}
-
-get_specified_replicas() {
-  get_deployment_jsonpath '{.spec.replicas}'
-}
-
-get_replicas() {
-  get_deployment_jsonpath '{.status.replicas}'
-}
-
-get_updated_replicas() {
-  get_deployment_jsonpath '{.status.updatedReplicas}'
-}
-
-get_available_replicas() {
-  get_deployment_jsonpath '{.status.availableReplicas}'
-}
-
-get_deployment_jsonpath() {
-  local -r jsonpath="$1"
-
-  kubectl --namespace "${namespace}" get deployment "${deployment}" -o "jsonpath=${jsonpath}"
-}
-
-display_usage_and_exit() {
-  echo "Usage: $(basename "$0") [-n <namespace>] [-t <timeout>] <deployment>" >&2
-  echo "Arguments:" >&2
-  echo "deployment REQUIRED: The name of the deployment the script should wait on" >&2
-  echo "-n OPTIONAL: The namespace the deployment exists in, defaults is the 'default' namespace" >&2
-  echo "-t OPTIONAL: How long to wait for the deployment to be available, defaults to ${DEFAULT_TIMEOUT} seconds, must be greater than 0" >&2
-  exit 1
-}
-
-namespace=${DEFAULT_NAMESPACE}
-timeout=${DEFAULT_TIMEOUT}
-
-while getopts ':n:t:' arg
-do
-    case ${arg} in
-        n) namespace=${OPTARG};;
-        t) timeout=${OPTARG};;
-        *) display_usage_and_exit
-    esac
-done
-
-shift $((OPTIND-1))
-if [ "$#" -ne 1 ] ; then
-  display_usage_and_exit
-fi
-readonly deployment="$1"
-
-if [[ ${timeout} -le 0 ]]; then
-  display_usage_and_exit
-fi
-
-echo "Waiting for deployment of ${deployment} in namespace ${namespace} with a timeout ${timeout} seconds"
-
-monitor_timeout $$ &
-readonly timeout_monitor_pid=$!
-
-trap 'kill -- -${timeout_monitor_pid}' EXIT #Stop timeout monitor
-
-generation=$(get_generation);  readonly generation
-current_generation=$(get_observed_generation)
-
-echo "Expected generation for deployment ${deployment}: ${generation}"
-while [[ ${current_generation} -lt ${generation} ]]; do
-  sleep .5
-  echo "Currently observed generation: ${current_generation}"
-  current_generation=$(get_observed_generation)
-done
-echo "Observed expected generation: ${current_generation}"
-
-specified_replicas="$(get_specified_replicas)"; readonly specified_replicas
-echo "Specified replicas: ${specified_replicas}"
-
-current_replicas=$(get_replicas)
-updated_replicas=$(get_updated_replicas)
-available_replicas=$(get_available_replicas)
-
-while [[ ${updated_replicas} -lt ${specified_replicas} || ${current_replicas} -gt ${updated_replicas} || ${available_replicas} -lt ${updated_replicas} ]]; do
-  sleep .5
-  echo "current/updated/available replicas: ${current_replicas}/${updated_replicas}/${available_replicas}, waiting"
-  current_replicas=$(get_replicas)
-  updated_replicas=$(get_updated_replicas)
-  available_replicas=$(get_available_replicas)
-done
-
-echo "Deployment ${deployment} successful. All ${available_replicas} replicas are ready."
-
-mutatingwebhookconfigurations=$(kubectl get mutatingwebhookconfigurations | wc -l)
-validatingwebhookconfigurations=$(kubectl get validatingwebhookconfigurations | wc -l)
-while [[ ${mutatingwebhookconfigurations} -lt 4 || ${validatingwebhookconfigurations} -lt 3 ]]; do
-  sleep 5
-done
-
-echo "All webhooks are registered."