nais / cli Goto Github PK
View Code? Open in Web Editor NEWA simple NAIS CLI
Home Page: https://docs.nais.io/cli/
License: MIT License
A simple NAIS CLI
Home Page: https://docs.nais.io/cli/
License: MIT License
Når man prøver å bruke appen sine credentials for å nå Kafka får man en uforklarlig feilmelding. Her burde vi heller informere om hva som er riktig måte å gjøre dette på.
Feilmelding:
retrieve secret and generating config: secret is must have at least one of these annotations: 'aivenator.aiven.nais.io/protected', 'aivenator.aiven.nais.io/with-time-limit'
Slack-tråd: https://nav-it.slack.com/archives/C5KUST8N6/p1669289958610019
Dokumentasjonen og NAIS burde kunne bakes inn i nais cli. Begge deler er vel i praksis en form for rotasjon av credentials?
The postgres prepare
command currently only grants privileges to the cloudsqliamuser
role, but does not support downgrading from ALL
to SELECT
nor revoking the privileges entirely.
Some users would like an option to revoke these privileges.
See discussion on Slack: https://nav-it.slack.com/archives/C5KUST8N6/p1676968734044309
Ikke den viktigste saken i verden, men ser på https://doc.nais.io/cli/install/ at anbefalt installasjonsbetode for Mac er med brew og for Linux med apt-kommandoen og et PPA. Brew fungerer fint på Linux også. Er det kanskje lettere å distribuere via Brew for Linux, akkurat som for Mac?
When attempting to validate a resource that contains template placeholders e.g:
apiVersion: nais.io/v1alpha1
kind: Application
metadata:
name: some-app
namespace: some-team
labels:
team: some-team
spec:
image: {{image}}
a somewhat cryptic error is returned:
failed to convert yaml to json: error converting YAML to JSON: yaml: invalid map key: map[interface {}]interface {}{"image":interface {}(nil)}
This is of course due to {}
being parsed as a map for the image
field in the above example.
In case a given resource contains placeholders, we should consider doing the following:
For fields that expect string values we could consider automatically wrapping the placeholders with quotes, but this seems hacky.
Pipeline, could be made more automatic or robust and automatic.
It is possible to add IAM conditions to roles/cloudsql.client
to lock down to a single instance like this resource.name == 'projects/abc123/instances/myinstance' && resource.type == 'sqladmin.googleapis.com/Instance'
A command that does the steps from https://doc.nais.io/deployment/troubleshooting/ for you and gives a useful report with next steps.
Postgres 15 removed default permissions from the public schema. This affects how cloudsqliam users get access to this schema. I think we create superusers for the applications themselves, so they and their credentials will still work.
Når brukeren har glemt å logge inn med --update-adc
burde nais-cli informere om dette, i tillegg til feilmeldingen som kommer nå.
❯ nais postgres prepare hm-grunndata-api
Prepare will prepare the postgres instance by connecting using the
application credentials and modify the permissions on the public schema.
All IAM users in your GCP project will be able to connect to the instance.
This operation is only required to run once for each postgresql instance.
Are you sure you want to continue (y/N): y
2022/05/13 14:38:11 default proxy initialization failed; consider calling proxy.Init explicitly: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
Able to specify a command that generates only a .env
file with all properties from secret
When running nais kubeconfig
, onprem clusters are included, but without the user defined.
Can we just stop having the --include-onprem
flag?
Nå er alle Aiven-kommandoer knyttet til NAV-tenanten, disse burde skrives om til å være basert på hvilken tenant brukeren er logget inn på i naisdevice.
nais kubeconfig
har løst dette med å hente aktiv tenant direkte fra kjørende naisdevice. Usikker på om det er like lett for Aiven, om den har navn/labels knyttet til tenant.
In the documentation it says:
Note that if you change your application name, database name or envVarPrefix, and then change it later, you have to manually reset database credentials.
Under reset database credentials
it says all you have to do for a database with default user is to run nais postgres password rotate <MYAPP>
. However, this will not delete the credentials from kubernetes secrets. Thus, changing the database name does not generate new env variable names. Either the docs should be updated or the password rotate
functionality should be extended with functionality to update credentials.
Får følgende feilmelding når jeg kjører nais start teamdigisos sosialhjelp-avtaler-admin
OS: Ubuntu 22.04, Regolith
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x137f318]
goroutine 1 [running]:
github.com/nais/cli/pkg/appstarter.makeHttpRequest(0x0?)
/home/runner/work/cli/cli/pkg/appstarter/appstarter.go:122 +0x2d8
github.com/nais/cli/pkg/appstarter.Naisify({0x7fff620b9fd2, 0x19}, {0x7fff620b9fc6, 0xb}, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, ...)
/home/runner/work/cli/cli/pkg/appstarter/appstarter.go:60 +0x278
github.com/nais/cli/cmd.commands.Command.func2(0xc0001fe6c0)
/home/runner/work/cli/cli/cmd/appstartercmd/appstarter.go:47 +0x132
github.com/urfave/cli/v2.(*Command).Run(0xc00035cf20, 0xc0001fe6c0, {0xc0007150b0, 0x3, 0x3})
/home/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:279 +0x97d
github.com/urfave/cli/v2.(*Command).Run(0xc0003b91e0, 0xc0001fe540, {0xc000148040, 0x4, 0x4})
/home/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:272 +0xbb7
github.com/urfave/cli/v2.(*App).RunContext(0xc0003ba000, {0x2083b30, 0x2fbb300}, {0xc000148040, 0x4, 0x4})
/home/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:337 +0x58b
github.com/urfave/cli/v2.(*App).Run(...)
/home/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:311
github.com/nais/cli/cmd.Run()
/home/runner/work/cli/cli/cmd/cmd.go:47 +0x14c
main.main()
/home/runner/work/cli/cli/main.go:6 +0xf
There's a discussion on Slack about his for more context and workarounds, but essentially, the location and filename for the pgpass file are different on Windows than they are on Linux and Mac, and the CLI doesn't take this into account when it generates (or updates) it.
An extract from the PostgreSQL documentation:
The file
.pgpass
in a user's home directory can contain passwords to be used if the connection requires a password (and no password has been specified otherwise). On Microsoft Windows the file is named%APPDATA%\postgresql\pgpass.conf
(where%APPDATA%
refers to the Application Data subdirectory in the user's profile). Alternatively, the password file to use can be specified using the connection parameter passfile or the environment variablePGPASSFILE
.
Now of course, we could use those workarounds, but I submit that a tool that aims to reduce friction should take care of this for us 😄
Prøver å bruke IntelliJ sin Big Data Tool til å se på meldinger i en Kafka-topic, men sliter. Det er ikke dokumentert - ihvertfall ikke eksplisitt - for nais-cli på https://github.com/nais/doc/blob/main/docs/cli/commands/aiven.md
I dag bruker Validate https://storage.googleapis.com/nais-json-schema-2c91/nais-all.json
for å hente inn schema å validere kubernetes ressurser mot.
Denne inneholder CRD-er for NAIS. Men siden vi oppfordrer å lage flere ressurser, som f.eks. PrometheusRule
bør vi kanskje støtte alle ressurser som vi dokumenterer i doc-en?
The issue starts with the merge of a dependabot PR: #51
We got a response in slack about errors with brew tap nais/tap
Reverted merge of dependabot PR, dident seem to fix the issue.
The real issue was go-releaser version > v1.7.0 we used default latest
in go-releaser action.
Seems like we need to do some changes to go-releaser
yml configuration before upgrading goreleaser > v1.7.0.
kjører nais naas kubeconfig
får dette :)
$ kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
ci-fss ci-fss nais-user default
dev-fss dev-fss nais-user default
* prod-fss prod-fss nais-user default
Could be useful not to get all files exported, but only the ones you want. This could include specifying what type of configuration you need, e.g kcat.conf
or if you want all/some of the exported files as .env
nais-d is a unfortunate , as the former app app used the name naisd.
nais currently requires users to install a version of kubectl
to interact with their application. The version of kubectl
must be compatible with whatever version we might be running.
Would be nais if the cli could ensure that a there is a valid version of kubectl
for the current OS.
A flag might control where the binary lands, e.g. a directory on $PATH
nais aiven create kafka <username> <namespace> -p nav-prod
The created aivenapplication
has pool set to the default value, not the value specified.
Vi har jo et CLI i dag, men det gjør jo ikke så alt for mye nyttig... enda.
Her er det potensiale for å gjøre mye moro.
Hva om nais CLI er en slags kjernekomponent i hverdagen til en nais-utvikler?
Om vi ser for oss at du som ny utvikler skriver nais up
, og alt som er nais installeres automatisk for deg:
Når du så har fått alt som er nais får du så mulighet til å bruke dette CLI'et for å navigere alle naistjenester som er tilgjengelige:
Når man kjører nais-kommandoen
nais start --appname --teamname --appListenPort 8000
og man har generert et kotlin-prosjekt får man først feilmelding om at man mangler pom.xml eller tilsvarende. Hvis man toucher pom.xml og kjører på nytt får man yaml-filer som ikke passer helt med gradle og kotlin.
Forventet resultat: Det genereres oppsett som gjør at man kan kjøre kotlin-applikasjon på nais.
(Man kan sikkert snik-kikke på https://github.com/navikt/sokos-ktor-template .)
If a resource with a matching name already exists, we should not overwrite it but instead return an error to the user.
Currently we assume everything is done within the public schema. We should add support to specify schema when granting permissions and connecting.
https://nav-it.slack.com/archives/C5KUST8N6/p1704977244543049
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.