wip

Author: Moritz Clasmeier

cmd/deploy.go

@@ -5,28 +5,18 @@ import (
 
 	"github.com/fatih/color"
 	"github.com/spf13/cobra"
+	"github.com/stackrox/roxie/internal/deployer"
 )
 
 var (
 	// Global flags
-	verbose                bool
-	earlyReadiness         bool
-	olm                    bool
-	konflux                bool
-	deployOperator         bool
-	portForwarding         bool
-	pauseReconciliation    bool
-	overrideFile           string
-	overrideSetExpressions []string
-	exposure               string
-	resources              string
-	shell                  string
-	envrc                  string
-	singleNamespace        bool
-	tag                    string
-	featureFlags           []string
-	centralWait            string
-	securedClusterWait     string
+	verbose bool
+	shell   string
+	envrc   string
+	dryRun  bool
+
+	// We need this set up before command line flags are parsed.
+	deploySettings = deployer.NewConfig()
 )
 
 func main() {
@@ -48,9 +38,9 @@ Red Hat Advanced Cluster Security (ACS) on any Kubernetes/OpenShift cluster.`,
 
 func init() {
 	rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "Enable verbose output (show CRs)")
-	rootCmd.PersistentFlags().BoolVar(&earlyReadiness, "early-readiness", true, "Only wait for essential workloads (central/sensor) to be ready")
-	rootCmd.AddCommand(newDeployCmd())
-	rootCmd.AddCommand(newTeardownCmd())
+	rootCmd.PersistentFlags().BoolVar(&dryRun, "dry-run", false, "Do not actually modify cluster")
+	rootCmd.AddCommand(newDeployCmd(&deploySettings))
+	rootCmd.AddCommand(newTeardownCmd(&deploySettings))
 	rootCmd.AddCommand(newVersionCmd())
 	rootCmd.AddCommand(newEnvCmd())
 	rootCmd.AddCommand(newLogsCmd())

cmd/main.go

@@ -11,6 +11,7 @@ import (
 	"github.com/stackrox/roxie/internal/deployer"
 	"github.com/stackrox/roxie/internal/env"
 	"github.com/stackrox/roxie/internal/logger"
+	"github.com/stackrox/roxie/internal/types"
 )
 
 func spawnSubshell(d *deployer.Deployer, log *logger.Logger) error {
@@ -29,45 +30,44 @@ func spawnSubshell(d *deployer.Deployer, log *logger.Logger) error {
 
 	env := os.Environ()
 
-	endpoint, password, caCertFile, kubeContext, exposure := d.GetDeploymentInfo()
+	centralDeploymentInfo := d.GetCentralDeploymentInfo()
 
-	if endpoint != "" {
-		env = append(env, fmt.Sprintf("API_ENDPOINT=%s", endpoint))
-		env = append(env, fmt.Sprintf("ROX_ENDPOINT=%s", endpoint))
-		env = append(env, fmt.Sprintf("ROX_BASE_URL=https://%s", endpoint))
+	if centralDeploymentInfo.Endpoint != "" {
+		env = append(env, fmt.Sprintf("API_ENDPOINT=%s", centralDeploymentInfo.Endpoint))
+		env = append(env, fmt.Sprintf("ROX_ENDPOINT=%s", centralDeploymentInfo.Endpoint))
+		env = append(env, fmt.Sprintf("ROX_BASE_URL=https://%s", centralDeploymentInfo.Endpoint))
 	}
 
-	if password != "" {
-		env = append(env, fmt.Sprintf("ROX_ADMIN_PASSWORD=%s", password))
+	if centralDeploymentInfo.Password != "" {
+		env = append(env, fmt.Sprintf("ROX_ADMIN_PASSWORD=%s", centralDeploymentInfo.Password))
 	}
 
-	if caCertFile != "" {
-		env = append(env, fmt.Sprintf("ROX_CA_CERT_FILE=%s", caCertFile))
+	if centralDeploymentInfo.CACertFile != "" {
+		env = append(env, fmt.Sprintf("ROX_CA_CERT_FILE=%s", centralDeploymentInfo.CACertFile))
 	}
 
 	env = append(env, fmt.Sprintf("ROX_USERNAME=%s", deployer.AdminUsername))
 	env = append(env, "ROXIE_SHELL=1")
-	env = append(env, fmt.Sprintf("name=acs@%s", kubeContext))
+	env = append(env, fmt.Sprintf("name=acs@%s", centralDeploymentInfo.KubeContext))
 
 	haproxyAvailable := isHAProxyAvailable()
 
 	var haproxyCmd *exec.Cmd
 	var haproxyConfigPath string
-	var haproxyStarted bool
 
-	if haproxyAvailable && endpoint != "" && caCertFile != "" {
+	if haproxyAvailable && centralDeploymentInfo.Endpoint != "" && centralDeploymentInfo.CACertFile != "" {
 		var err error
-		haproxyCmd, haproxyConfigPath, err = startHAProxy(endpoint, caCertFile, log)
+		haproxyCmd, haproxyConfigPath, err = startHAProxy(centralDeploymentInfo.Endpoint, centralDeploymentInfo.CACertFile, log)
 		if err != nil {
 			log.Warningf("Failed to start HAProxy: %v", err)
 		} else {
 			env = append(env, fmt.Sprintf("ROXIE_HAPROXY_CFG_FILE=%s", haproxyConfigPath))
-			haproxyStarted = true
+			centralDeploymentInfo.HAProxyStarted = true
 			defer cleanupHAProxy(haproxyCmd, haproxyConfigPath)
 		}
 	}
 
-	printBanner(endpoint, exposure, haproxyAvailable, haproxyStarted)
+	printBanner(centralDeploymentInfo)
 
 	shellCmd := exec.Command(shellPath, "-i")
 	shellCmd.Env = env
@@ -171,7 +171,7 @@ func isHAProxyAvailable() bool {
 	return err == nil
 }
 
-func printBanner(endpoint, exposure string, haproxyAvailable, haproxyStarted bool) {
+func printBanner(centralDeploymentInfo deployer.CentralDeploymentInfo) {
 	cyan := color.New(color.FgCyan, color.Bold)
 	cyan.Println("\n[roxie] Entering a subshell with ACS environment variables set.")
 	cyan.Println("[roxie]")
@@ -181,10 +181,10 @@ func printBanner(endpoint, exposure string, haproxyAvailable, haproxyStarted boo
 	cyan.Println("[roxie]   * roxcurl /v1/clusters")
 	cyan.Println("[roxie]")
 
-	if haproxyStarted {
+	if centralDeploymentInfo.HAProxyStarted {
 		cyan.Println("[roxie] Central UI: http://localhost:8080 (username: admin, password: see $ROX_ADMIN_PASSWORD)")
-	} else if exposure != "none" && exposure != "" {
-		cyan.Printf("[roxie] Central UI: https://%s", endpoint)
+	} else if centralDeploymentInfo.Exposure != types.ExposureNone {
+		cyan.Printf("[roxie] Central UI: https://%s", centralDeploymentInfo.Endpoint)
 	} else if !env.RunningInRoxieContainer {
 		cyan.Println("[roxie] Note: Installing haproxy enables automatic HTTP access to Central at http://localhost:8080")
 	}

cmd/subshell.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"os"
 	"time"
 
 	"github.com/spf13/cobra"
@@ -12,7 +13,7 @@ import (
 	"github.com/stackrox/roxie/internal/logger"
 )
 
-func newTeardownCmd() *cobra.Command {
+func newTeardownCmd(settings *deployer.Config) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:       "teardown [component]",
 		Short:     "Teardown ACS components",
@@ -22,7 +23,13 @@ func newTeardownCmd() *cobra.Command {
 		RunE:      runTeardown,
 	}
 
-	cmd.Flags().BoolVar(&singleNamespace, "single-namespace", false, "Deploy all components in a single namespace ('stackrox' by default)")
+	cmd.Flags().Var(newConfigShortCut(settings, "bool", func(yamlValue string, settings *deployer.Config) error {
+		// FIXME: make it so that it doesn't require an arg.
+		settings.Central.Namespace = sharedNamespace
+		settings.SecuredCluster.Namespace = sharedNamespace
+		return nil
+	},
+	), "single-namespace", "Deploy all components in a single namespace ('stackrox')")
 
 	return cmd
 }
@@ -40,13 +47,18 @@ func runTeardown(cmd *cobra.Command, args []string) error {
 
 	log.Infof("Tearing down %s", components)
 
+	if dryRun {
+		log.Infof("Existing because of enabled dry-run mode.")
+		os.Exit(0)
+	}
+
 	d, err := deployer.New(log)
 	if err != nil {
 		return fmt.Errorf("failed to create deployer: %w", err)
 	}
 	defer d.Cleanup()
 
-	d.SetSingleNamespace(singleNamespace)
+	d.SetConfig(deploySettings)
 
 	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Minute)
 	defer cancel()

cmd/teardown.go

@@ -47,4 +47,5 @@ require (
 	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
+	sigs.k8s.io/yaml v1.6.0 // indirect
 )

go.mod

@@ -66,6 +66,7 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
 go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
 golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=