VMware ESXi (#87)

* VMware esxi support
emberstack · Sep 13, 2020 · 7436b80 · 7436b80
1 parent 36e5273
commit 7436b80
Show file tree

Hide file tree

Showing 6 changed files with 327 additions and 18 deletions.
diff --git a/src/ES.Kubernetes.Reflector.CertManager/SecretEtcher.cs b/src/ES.Kubernetes.Reflector.CertManager/SecretEtcher.cs
@@ -160,6 +160,18 @@ void MatchAnnotations(Dictionary<string, string> pairs)
                 {
                     Annotations.CertManagerCertificate.SecretUbiquitiCertificate,
                     Annotations.Reflection.UbiquitiCertificate
+                },
+                {
+                    Annotations.CertManagerCertificate.SecretVMwareEnabled,
+                    Annotations.Reflection.VMwareEnabled
+                },
+                {
+                    Annotations.CertManagerCertificate.SecretVMwareHosts,
+                    Annotations.Reflection.VMwareHosts
+                },
+                {
+                    Annotations.CertManagerCertificate.SecretVMwareCertificate,
+                    Annotations.Reflection.VMwareCertificate
                 }
             });
 

diff --git a/src/ES.Kubernetes.Reflector.Core/Constants/Annotations.cs b/src/ES.Kubernetes.Reflector.Core/Constants/Annotations.cs
@@ -24,6 +24,14 @@ public static class Reflection
             public static string UbiquitiHosts => $"{Prefix}/reflection-ubiquiti-hosts";
             public static string UbiquitiCertificate => $"{Prefix}/reflection-ubiquiti-certificate";
 
+            #endregion
+
+            #region VMware
+
+            public static string VMwareEnabled => $"{Prefix}/reflection-vmware-enabled";
+            public static string VMwareHosts => $"{Prefix}/reflection-vmware-hosts";
+            public static string VMwareCertificate => $"{Prefix}/reflection-vmware-certificate";
+
             #endregion
 
             public static string AutoReflects => $"{Prefix}/auto-reflects";
@@ -51,6 +59,14 @@ public static class CertManagerCertificate
             public static string SecretUbiquitiCertificate => $"{Prefix}/secret-reflection-ubiquiti-certificate";
 
             #endregion
+
+            #region VMware
+
+            public static string SecretVMwareEnabled => $"{Prefix}/secret-reflection-vmware-enabled";
+            public static string SecretVMwareHosts => $"{Prefix}/secret-reflection-vmware-hosts";
+            public static string SecretVMwareCertificate => $"{Prefix}/secret-reflection-vmware-certificate";
+
+            #endregion
         }
     }
 }
diff --git a/src/ES.Kubernetes.Reflector.Core/Extensions/MetadataExtensions.cs b/src/ES.Kubernetes.Reflector.Core/Extensions/MetadataExtensions.cs
@@ -166,5 +166,34 @@ public static string UbiquitiCertificate(this V1ObjectMeta metadata)
         }
 
         #endregion
+
+        #region VMware
+
+        public static bool VMwareReflectionEnabled(this V1ObjectMeta metadata)
+        {
+            if (metadata.SafeAnnotations().TryGetValue(Annotations.Reflection.VMwareEnabled, out var raw) &&
+                bool.TryParse(raw, out var value))
+                return value;
+            return false;
+        }
+
+        public static string[] VMwareReflectionHosts(this V1ObjectMeta metadata)
+        {
+            return metadata.SafeAnnotations().TryGetValue(Annotations.Reflection.VMwareHosts, out var raw)
+                ? string.IsNullOrWhiteSpace(raw) ? Array.Empty<string>() :
+                raw.Split(new[] {","}, StringSplitOptions.RemoveEmptyEntries)
+                    .Where(s => !string.IsNullOrWhiteSpace(s))
+                    .Select(s => s.Trim()).Distinct().ToArray()
+                : Array.Empty<string>();
+        }
+
+        public static string VMwareCertificate(this V1ObjectMeta metadata)
+        {
+            return metadata.SafeAnnotations().TryGetValue(Annotations.Reflection.VMwareCertificate, out var raw)
+                ? string.IsNullOrWhiteSpace(raw) ? null : raw
+                : null;
+        }
+
+        #endregion
     }
 }
diff --git a/src/ES.Kubernetes.Reflector.Secrets/SecretsModule.cs b/src/ES.Kubernetes.Reflector.Secrets/SecretsModule.cs
@@ -10,9 +10,11 @@ protected override void Load(ContainerBuilder builder)
             builder.RegisterType<SecretMirror>().AsImplementedInterfaces().AsSelf().SingleInstance();
             builder.RegisterType<FortiMirror>().AsImplementedInterfaces().AsSelf().SingleInstance();
             builder.RegisterType<UbiquitiMirror>().AsImplementedInterfaces().AsSelf().SingleInstance();
+            builder.RegisterType<VMwareMirror>().AsImplementedInterfaces().AsSelf().SingleInstance();
             builder.AddHealthCheck<SecretMirror>();
             builder.AddHealthCheck<FortiMirror>();
             builder.AddHealthCheck<UbiquitiMirror>();
+            builder.AddHealthCheck<VMwareMirror>();
         }
     }
 }
diff --git a/src/ES.Kubernetes.Reflector.Secrets/UbiquitiMirror.cs b/src/ES.Kubernetes.Reflector.Secrets/UbiquitiMirror.cs
@@ -107,21 +107,15 @@ private async Task OnEvent(WatcherEvent<V1Secret> e)
             if (!e.Item.Metadata.ReflectionAllowed() || !e.Item.Metadata.UbiquitiReflectionEnabled()) return;
             if (!e.Item.Type.Equals("kubernetes.io/tls", StringComparison.InvariantCultureIgnoreCase)) return;
 
-
-            var caCrt = Encoding.Default.GetString(item.Data["ca.crt"]);
+            _logger.LogDebug("Ubiquiti enabled using host secret {secretId}.", secretId);
+
             var tlsCrt = Encoding.Default.GetString(item.Data["tls.crt"]);
             var tlsKey = Encoding.Default.GetString(item.Data["tls.key"]);
-            var tlsCerts = tlsCrt.Split(new[] {"-----END CERTIFICATE-----"}, StringSplitOptions.RemoveEmptyEntries)
-                .Select(s => s.TrimStart())
-                .Where(s => !string.IsNullOrWhiteSpace(s))
-                .Select(s => $"{s}-----END CERTIFICATE-----")
-                .ToList();
-
-            var hostSecretIds = item.Metadata.UbiquitiReflectionHosts().Select(s => new KubernetesObjectId(s)).ToList();
-            var certName = item.Metadata.UbiquitiCertificate();
-            var certId = !string.IsNullOrWhiteSpace(certName)
-                ? certName
-                : item.Metadata.Name.Substring(0, Math.Min(item.Metadata.Name.Length, 30));
+
+            var hostSecretIds =
+                item.Metadata.UbiquitiReflectionHosts()
+                    .Select(s => new KubernetesObjectId(s))
+                    .ToList();
 
             foreach (var hostSecretId in hostSecretIds)
             {
@@ -213,23 +207,26 @@ private async Task OnEvent(WatcherEvent<V1Secret> e)
                         secretId, hostSecretId);
                     return;
                 }
-                
+
                 _logger.LogDebug("Configuring new Let's Encrypt certs on Ubiquiti device at {host}", hostAddress);
                 client.RunCommand($"echo \"{tlsCrt}\" > /etc/ssl/private/cloudkey.crt");
                 client.RunCommand($"echo \"{tlsKey}\" > /etc/ssl/private/cloudkey.key");
 
-                client.RunCommand("rm -f /etc/ssl/private/cert.tar /etc/ssl/private/unifi.keystore.jks /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/fullchain.pem");
+                client.RunCommand(
+                    "rm -f /etc/ssl/private/cert.tar /etc/ssl/private/unifi.keystore.jks /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/fullchain.pem");
 
-                client.RunCommand("openssl pkcs12 -export -in /etc/ssl/private/cloudkey.crt -inkey /etc/ssl/private/cloudkey.key -out /etc/ssl/private/cloudkey.p12 -name unifi -password pass:aircontrolenterprise");
+                client.RunCommand(
+                    "openssl pkcs12 -export -in /etc/ssl/private/cloudkey.crt -inkey /etc/ssl/private/cloudkey.key -out /etc/ssl/private/cloudkey.p12 -name unifi -password pass:aircontrolenterprise");
 
-                client.RunCommand("keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /usr/lib/unifi/data/keystore -srckeystore /etc/ssl/private/cloudkey.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi");
+                client.RunCommand(
+                    "keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /usr/lib/unifi/data/keystore -srckeystore /etc/ssl/private/cloudkey.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi");
 
                 client.RunCommand("rm -f /etc/ssl/private/cloudkey.p12");
                 client.RunCommand("tar -cvf /etc/ssl/private/cert.tar /etc/ssl/private/*");
                 client.RunCommand("chown root:ssl-cert /etc/ssl/private/*");
                 client.RunCommand("chmod 640 /etc/ssl/private/*");
 
-                _logger.LogDebug("Testing Nginx and restarting on Ubiquiti device at {host}", hostAddress);
+                _logger.LogDebug("Restarting on Ubiquiti device at {host}", hostAddress);
                 client.RunCommand("systemctl restart nginx; systemctl restart unifi");
 
                 client.Disconnect();