From b707757c1d2188061458100e793b112cc9074ef5 Mon Sep 17 00:00:00 2001 From: Sri Aradhyula Date: Wed, 22 Oct 2025 11:15:31 -0500 Subject: [PATCH 1/3] fix(caipe): README.md Signed-off-by: Sri Aradhyula --- caipe/README.md | 238 +----------------------------------------------- 1 file changed, 4 insertions(+), 234 deletions(-) diff --git a/caipe/README.md b/caipe/README.md index 3d4e4cde..b18a5056 100644 --- a/caipe/README.md +++ b/caipe/README.md 
@@ -1,237 +1,7 @@ -# CAIPE - Cloud AI Platform Engineering +# CAIPE (Community AI Platform Engineering) -CAIPE provides AI-powered platform engineering capabilities with support for multiple LLM providers and automated secret management. +> πŸ’‘ Tip: CAIPE (Community AI Platform Engineering), pronounced like cape (as in a superhero cape πŸ¦Έβ€β™‚οΈπŸ¦Έβ€β™€οΈ). Just as a πŸ¦Έβ€β™‚οΈ cape empowers a superhero, CAIPE empowers platform engineers with πŸ€– Agentic AI automation! πŸš€ -## Quick Start +Community AI Platform Engineering (CAIPE) (pronounced as cape) is an open-source, Multi-Agentic AI System (MAS) championed by the CNOE (Cloud Native Operational Excellence) forum. CAIPE provides a secure, scalable, persona-driven reference implementation with built-in knowledge base retrieval that streamlines platform operations, accelerates workflows, and fosters innovation for modern engineering teams. It integrates seamlessly with Internal Developer Portals like Backstage and developer environments such as VS Code, enabling frictionless adoption and extensibility. -### 1. Deploy CAIPE Platform - -```bash -# Deploy the basic peer-to-peer configuration -./idpbuilder create --name caipe-basic-p2p \ - --use-path-routing \ - --package https://github.com/cnoe-io/stacks//ref-implementation \ - --package https://github.com/sriaradhyula/stacks//caipe/caipe-basic-p2p -``` - -### 2. Setup LLM Credentials - -Run the interactive setup script to configure your LLM provider: - -```bash -# Make the script executable -chmod +x setup-llm-credentials.sh - -# Run the setup script -./setup-llm-credentials.sh -``` - -**Note**: The script uses clean input handling - simply type or paste your credentials and press Enter. No special key combinations needed. 
- -The script supports the following LLM providers: - -#### Azure OpenAI -- API Key -- Endpoint URL -- API Version (default: 2024-02-15-preview) -- Deployment Name - -#### OpenAI -- API Key -- Endpoint (default: https://api.openai.com/v1) -- Model Name (default: gpt-4) - -#### AWS Bedrock -- Access Key ID -- Secret Access Key -- Region (default: us-east-1) -- Model ID (default: anthropic.claude-3-sonnet-20240229-v1:0) -- Provider (default: anthropic) - -#### Google Gemini -- API Key -- Model Name (default: gemini-pro) - -#### GCP Vertex AI -- Project ID -- Location (default: us-central1) -- Model Name (default: gemini-pro) - -### 3. Setup Agent Secrets - -Configure API keys and tokens for active agents: - -```bash -# Make the script executable -chmod +x setup-agent-secrets.sh - -# Run the setup script -./setup-agent-secrets.sh -``` - -**Note**: The script uses clean input handling - simply type or paste your credentials and press Enter. No special key combinations needed. - -The script supports the following agents and their required credentials: - -#### GitHub Agent -- **Personal Access Token**: GitHub API access token with repo permissions -- **Webhook Secret**: Optional secret for webhook validation - -#### GitLab Agent -- **Personal Access Token**: GitLab API access token -- **Webhook Secret**: Optional secret for webhook validation - -#### Jira Agent -- **API Token**: Jira API token for authentication -- **Base URL**: Jira instance URL (e.g., https://company.atlassian.net) -- **Username**: Jira username/email - -#### Slack Agent -- **Bot Token**: Slack bot token (xoxb-...) -- **App Token**: Slack app token (xapp-...) -- **Signing Secret**: Slack signing secret for request verification - -#### AWS Agent -- **Access Key ID**: AWS access key ID -- **Secret Access Key**: AWS secret access key -- **Region**: AWS region (default: us-east-1) - -### 4. 
Access Services - -After deployment, access the platform services: - -- **ArgoCD**: https://cnoe.localtest.me:8443/argocd -- **Backstage**: https://cnoe.localtest.me:8443/backstage -- **Vault**: https://vault.cnoe.localtest.me:8443/ui -- **Gitea**: https://gitea.cnoe.localtest.me:8443 - -### 5. Verify Setup - -Check that your credentials are properly stored: - -#### LLM Credentials -1. Access Vault UI: https://vault.cnoe.localtest.me:8443/ui -2. Navigate to: `secret/ai-platform-engineering/global` -3. Verify your LLM provider configuration - -#### Agent Secrets -1. Access Vault UI: https://vault.cnoe.localtest.me:8443/ui -2. Navigate to: `secret/ai-platform-engineering/agent-secrets` -3. Verify your agent API keys and tokens - -## Architecture - -CAIPE includes: - -- **Vault**: Secret management with automated token rotation -- **ArgoCD**: GitOps deployment with API token automation -- **Backstage**: Developer portal with API authentication -- **External Secrets**: Kubernetes secret synchronization -- **AI Agents**: Platform engineering automation - -## Security Features - -- Automated ArgoCD API token generation and rotation -- Vault-based secret management -- Secure credential storage with encryption -- RBAC for cross-namespace access -- No secrets exposed in logs - -## Utility Scripts - -### Refresh Secrets and Restart Deployments - -After updating secrets in Vault, use this script to refresh Kubernetes secrets and restart deployments: - -```bash -# Make the script executable -chmod +x refresh-secrets.sh - -# Run the refresh script -./refresh-secrets.sh -``` - -This script will: -- Check if Vault secrets exist and have data -- Delete Kubernetes secrets and wait for External Secrets to recreate them -- Restart corresponding deployments with rollout status verification - -### Sync ArgoCD Applications - -Ensure all ArgoCD applications are synced and healthy: - -```bash -# Make the script executable -chmod +x sync-apps.sh - -# Run the sync script -./sync-apps.sh 
-``` - -This script will sync: -- **backstage** - Developer portal -- **vault** - Secret management -- **argocd** - GitOps controller -- **ai-platform-engineering** - CAIPE stack -- **external-secrets** - Secret synchronization -- **ingress-nginx** - Ingress controller -- **gitea** - Git repository - -## Raw Script Access - -Download and run the setup scripts directly: - -### LLM Credentials Setup -```bash -# Download the script -curl -sSL https://raw.githubusercontent.com/sriaradhyula/stacks/main/caipe/setup-llm-credentials.sh -o setup-llm-credentials.sh - -# Make it executable and run -chmod +x setup-llm-credentials.sh -./setup-llm-credentials.sh -``` - -### Agent Secrets Setup -```bash -# Download the script -curl -sSL https://raw.githubusercontent.com/sriaradhyula/stacks/main/caipe/setup-agent-secrets.sh -o setup-agent-secrets.sh - -# Make it executable and run -chmod +x setup-agent-secrets.sh -./setup-agent-secrets.sh -``` - -**Note**: Both scripts use clean input handling - simply type or paste your credentials and press Enter. No special key combinations needed. - -### Utility Scripts - -#### Refresh Secrets -```bash -curl -sSL https://raw.githubusercontent.com/sriaradhyula/stacks/main/caipe/refresh-secrets.sh -o refresh-secrets.sh -chmod +x refresh-secrets.sh -./refresh-secrets.sh -``` - -#### Sync Applications -```bash -curl -sSL https://raw.githubusercontent.com/sriaradhyula/stacks/main/caipe/sync-apps.sh -o sync-apps.sh -chmod +x sync-apps.sh -./sync-apps.sh -``` - -## Troubleshooting - -### Prerequisites -- `kubectl` CLI installed and configured -- `vault` CLI installed -- Access to the CAIPE cluster - -### Common Issues - -1. **Vault connection failed**: Ensure port-forward is working and Vault is running -2. **Permission denied**: Check that you have access to the vault namespace -3. 
**Invalid provider**: Select a number from 1-5 for supported providers - -### Support - -For issues and questions, please refer to the [CNOE documentation](https://cnoe.io/docs/) or open an issue in the repository. +[IDP Builder Setup Docs](https://cnoe-io.github.io/ai-platform-engineering/getting-started/idpbuilder/setup) \ No newline at end of file From 124be506f269e9a8ef2ff89cabb2524724d6c59c Mon Sep 17 00:00:00 2001 From: suwhang-cisco Date: Wed, 22 Oct 2025 16:23:30 +0000 Subject: [PATCH 2/3] fix: webex and pin 0.1.19 Signed-off-by: suwhang-cisco --- .../base/ai-platform-engineering/values.yaml | 55 ++++------ .../vault/manifests/vault-config-job.yaml | 2 - caipe/scripts/refresh-secrets.sh | 16 +-- caipe/scripts/setup-agent-secrets.sh | 100 +++++++----------- caipe/scripts/setup-all.sh | 1 + caipe/scripts/setup-llm-credentials.sh | 6 +- 6 files changed, 74 insertions(+), 106 deletions(-) diff --git a/caipe/base/ai-platform-engineering/values.yaml b/caipe/base/ai-platform-engineering/values.yaml index 224adfd5..05e299ed 100644 --- a/caipe/base/ai-platform-engineering/values.yaml +++ b/caipe/base/ai-platform-engineering/values.yaml @@ -112,7 +112,7 @@ supervisor-agent: nameOverride: "supervisor-agent" image: repository: "ghcr.io/cnoe-io/ai-platform-engineering" - tag: "latest" + tag: "0.1.19" env: EXTERNAL_URL: "https://cnoe.localtest.me:8443/ai-platform-engineering" RAG_AGENT_PORT: 8099 @@ -120,12 +120,12 @@ agent-argocd: nameOverride: "agent-argocd" image: repository: "ghcr.io/cnoe-io/agent-argocd" - tag: "latest" + tag: "0.1.19" pullPolicy: "Always" mcp: image: repository: "ghcr.io/cnoe-io/mcp-argocd" - tag: "latest" + tag: "0.1.19" pullPolicy: "Always" mode: "http" # Options: stdio, http port: 8000 
@@ -151,12 +151,9 @@ agent-aws: image: repository: "ghcr.io/cnoe-io/agent-aws" pullPolicy: "Always" - tag: "latest" + tag: "0.1.19" mcp: - mode: "stdio" # Options: stdio, http - # image: # HOT FIX: will be modified in the helm chart itself in the future - # repository: "public.ecr.aws/awslabs-mcp/awslabs/eks-mcp-server" - # tag: "sha-e18497bbc401f08334ea8b966db1f235b647bfed" + mode: "stdio" # AWS currently does not support HTTP mode agentSecrets: secretName: "agent-aws-secret" externalSecrets: @@ -179,11 +176,11 @@ agent-backstage: image: repository: "ghcr.io/cnoe-io/agent-backstage" pullPolicy: "Always" - tag: "latest" + tag: "0.1.19" mcp: image: repository: "ghcr.io/cnoe-io/mcp-backstage" - tag: "latest" + tag: "0.1.19" pullPolicy: "Always" mode: "http" # Options: stdio, http port: 8000 @@ -205,11 +202,11 @@ agent-confluence: image: repository: "ghcr.io/cnoe-io/agent-confluence" pullPolicy: "Always" - tag: "latest" + tag: "0.1.19" mcp: image: repository: "ghcr.io/cnoe-io/mcp-confluence" - tag: "latest" + tag: "0.1.19" pullPolicy: "Always" mode: "http" # Options: stdio, http port: 8000 @@ -235,7 +232,7 @@ agent-github: image: repository: "ghcr.io/cnoe-io/agent-github" pullPolicy: "Always" - tag: "latest" + tag: "0.1.19" mcp: useRemoteMcpServer: true agentSecrets: @@ -252,11 +249,11 @@ agent-jira: image: repository: "ghcr.io/cnoe-io/agent-jira" pullPolicy: "Always" - tag: "latest" + tag: "0.1.19" mcp: image: repository: "ghcr.io/cnoe-io/mcp-jira" - tag: "latest" + tag: "0.1.19" pullPolicy: "Always" mode: "http" # Options: stdio, http port: 8000 @@ -283,11 +280,11 @@ agent-komodor: image: repository: "ghcr.io/cnoe-io/agent-komodor" pullPolicy: "Always" - tag: "latest" + tag: "0.1.19" mcp: image: repository: "ghcr.io/cnoe-io/mcp-komodor" - tag: "latest" + tag: "0.1.19" pullPolicy: "Always" mode: "http" # Options: stdio, http port: 8000 
@@ -309,11 +306,11 @@ agent-pagerduty: image: repository: "ghcr.io/cnoe-io/agent-pagerduty" pullPolicy: "Always" - tag: "latest" + tag: "0.1.19" mcp: image: repository: "ghcr.io/cnoe-io/mcp-pagerduty" - tag: "latest" + tag: "0.1.19" pullPolicy: "Always" mode: "http" # Options: stdio, http port: 8000 @@ -335,11 +332,11 @@ agent-slack: image: repository: "ghcr.io/cnoe-io/agent-slack" pullPolicy: "Always" - tag: "latest" + tag: "0.1.19" mcp: image: repository: "ghcr.io/cnoe-io/mcp-slack" - tag: "latest" + tag: "0.1.19" pullPolicy: "Always" mode: "http" # Options: stdio, http port: 8000 @@ -374,11 +371,11 @@ agent-splunk: image: repository: "ghcr.io/cnoe-io/agent-splunk" pullPolicy: "Always" - tag: "latest" + tag: "0.1.19" mcp: image: repository: "ghcr.io/cnoe-io/mcp-splunk" - tag: "latest" + tag: "0.1.19" pullPolicy: "Always" mode: "http" # Options: stdio, http port: 8000 @@ -400,11 +397,11 @@ agent-webex: image: repository: "ghcr.io/cnoe-io/agent-webex" pullPolicy: "Always" - tag: "latest" + tag: "0.1.19" mcp: image: repository: "ghcr.io/cnoe-io/mcp-webex" - tag: "latest" + tag: "0.1.19" pullPolicy: "Always" mode: "http" # Options: stdio, http port: 8000 @@ -412,14 +409,6 @@ agent-webex: secretName: "agent-webex-secret" externalSecrets: data: - - secretKey: WEBEX_BOT_TOKEN - remoteRef: - key: secret/ai-platform-engineering/webex-secret - property: WEBEX_BOT_TOKEN - - secretKey: WEBEX_WEBHOOK_SECRET - remoteRef: - key: secret/ai-platform-engineering/webex-secret - property: WEBEX_WEBHOOK_SECRET - secretKey: WEBEX_TOKEN remoteRef: key: secret/ai-platform-engineering/webex-secret diff --git a/caipe/base/vault/manifests/vault-config-job.yaml b/caipe/base/vault/manifests/vault-config-job.yaml index 0059c536..16c20771 100644 --- a/caipe/base/vault/manifests/vault-config-job.yaml +++ b/caipe/base/vault/manifests/vault-config-job.yaml 
@@ -156,8 +156,6 @@ spec: # Webex agent secrets echo "Creating webex-secret..." vault kv put secret/ai-platform-engineering/webex-secret \ - WEBEX_BOT_TOKEN="" \ - WEBEX_WEBHOOK_SECRET="" \ WEBEX_TOKEN="" >/dev/null # KB RAG agent secrets diff --git a/caipe/scripts/refresh-secrets.sh b/caipe/scripts/refresh-secrets.sh index 52fbecfd..ba9348d9 100755 --- a/caipe/scripts/refresh-secrets.sh +++ b/caipe/scripts/refresh-secrets.sh @@ -6,23 +6,27 @@ echo "πŸš€ Starting AI Platform Engineering cleanup process..." echo "" echo "πŸ”‘ Deleting all secrets in ai-platform-engineering namespace..." -kubectl delete secret --all -n ai-platform-engineering +kubectl delete secret --all -n ai-platform-engineering > /dev/null echo "" -echo "⏱️ Waiting 5 second for cleanup to complete..." -sleep 5 +echo "⏱️ Waiting 1 second for cleanup to complete..." +sleep 1 echo "" echo "πŸ“ Command executed: kubectl delete secret --all -n ai-platform-engineering" echo "" -echo "πŸ—‘οΈ Deleting all pods in ai-platform-engineering namespace..." -kubectl delete pod --all -n ai-platform-engineering +echo "πŸ—‘οΈ Deleting all pods in ai-platform-engineering namespace..." +kubectl delete pod --all -n ai-platform-engineering > /dev/null + +echo "" +echo "⏳ Sleep for 5s to wait for the new pods to get ready" +sleep 5 echo "" echo "πŸ“Š Current pods in ai-platform-engineering namespace:" echo "==================================================" -kubectl get pods -n ai-platform-engineering +kubectl get pods -n ai-platform-engineering | awk 'NR==1 || !/Running/' echo "" echo "βœ… Cleanup process completed successfully!" diff --git a/caipe/scripts/setup-agent-secrets.sh b/caipe/scripts/setup-agent-secrets.sh index 6ed15d07..acd131cf 100755 --- a/caipe/scripts/setup-agent-secrets.sh +++ b/caipe/scripts/setup-agent-secrets.sh @@ -17,6 +17,7 @@ done # Parse command line arguments OVERRIDE_ALL=false ENV_FILE="" +auto_populated_vars=() while [[ $# -gt 0 ]]; do case $1 in --override-all) 
@@ -67,13 +68,13 @@ load_env_file() { # Export the variable if it's not already set or if we have a value if [[ -n "$var_value" ]]; then export "$var_name"="$var_value" - log " βœ“ Loaded $var_name from env file" + # log " βœ“ Loaded $var_name from env file" fi fi fi done < "$env_file" else - log "⚠️ Environment file not found: $env_file" + # log "⚠️ Environment file not found: $env_file" exit 1 fi fi @@ -88,7 +89,7 @@ export VAULT_TOKEN # Start port forward log "πŸ”— Starting Vault port forward..." -kubectl port-forward -n vault svc/vault 8200:8200 & +kubectl port-forward -n vault svc/vault 8200:8200 > /dev/null 2>&1 & VAULT_PID=$! sleep 3 @@ -100,7 +101,7 @@ prompt_with_env() { # If we have an env file and the variable has a value, auto-populate if [[ -n "$ENV_FILE" && -n "$env_value" ]]; then - echo "[$(date '+%Y-%m-%d %H:%M:%S')] βœ“ Using existing value detected for $prompt in env file. Auto-populating..." >&2 + auto_populated_vars+=("$var_name") result="$env_value" elif [[ -n "$env_value" ]]; then if [[ "$is_secret" == "true" ]]; then @@ -149,7 +150,7 @@ fetch_vault_secret() { local value # Try to fetch the secret, suppress errors if it doesn't exist - value=$(vault kv get -field="$field_name" "$vault_path" 2>/dev/null || echo "") + value=$(vault kv get -field="$field_name" "$vault_path" >/dev/null || echo "") printf '%s' "$value" } 
@@ -178,87 +179,87 @@ log "πŸ” Checking active agents..." active_agents=() # Check for GitHub agent (look for GitHub-related deployments or configs) -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-github 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-github >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i github >/dev/null 2>&1; then active_agents+=("github") - log "βœ… GitHub agent detected" + # log "βœ… GitHub agent detected" fi # Check for GitLab agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-gitlab 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-gitlab >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i gitlab >/dev/null 2>&1; then active_agents+=("gitlab") - log "βœ… GitLab agent detected" + # log "βœ… GitLab agent detected" fi # Check for Jira agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-jira 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-jira >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i jira >/dev/null 2>&1; then active_agents+=("jira") - log "βœ… Jira agent detected" + # log "βœ… Jira agent detected" fi # Check for Slack agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-slack 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-slack >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i slack >/dev/null 2>&1; then active_agents+=("slack") - log "βœ… Slack agent detected" + # log "βœ… Slack agent detected" fi # Check for AWS agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-aws 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering 
ai-platform-engineering-agent-aws >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i aws >/dev/null 2>&1; then active_agents+=("aws") - log "βœ… AWS agent detected" + # log "βœ… AWS agent detected" fi # Check for ArgoCD agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-argocd 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-argocd >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i argocd >/dev/null 2>&1; then active_agents+=("argocd") - log "βœ… ArgoCD agent detected" + # log "βœ… ArgoCD agent detected" fi # Check for Backstage agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-backstage 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-backstage >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i backstage >/dev/null 2>&1; then active_agents+=("backstage") - log "βœ… Backstage agent detected" + # log "βœ… Backstage agent detected" fi # Check for PagerDuty agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-pagerduty 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-pagerduty >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i pagerduty >/dev/null 2>&1; then active_agents+=("pagerduty") - log "βœ… PagerDuty agent detected" + # log "βœ… PagerDuty agent detected" fi # Check for Confluence agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-confluence 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-confluence >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i confluence >/dev/null 2>&1; then active_agents+=("confluence") - log "βœ… Confluence agent detected" + # log "βœ… Confluence agent detected" 
fi # Check for Splunk agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-splunk 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-splunk >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i splunk >/dev/null 2>&1; then active_agents+=("splunk") - log "βœ… Splunk agent detected" + # log "βœ… Splunk agent detected" fi # Check for Webex agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-webex 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-webex >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i webex >/dev/null 2>&1; then active_agents+=("webex") - log "βœ… Webex agent detected" + # log "βœ… Webex agent detected" fi # Check for Komodor agent -if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-komodor 2>/dev/null || \ +if kubectl get deployment -n ai-platform-engineering ai-platform-engineering-agent-komodor >/dev/null || \ kubectl get configmap -n ai-platform-engineering | grep -i komodor >/dev/null 2>&1; then active_agents+=("komodor") - log "βœ… Komodor agent detected" + # log "βœ… Komodor agent detected" fi # If no agents detected, ask user to select 
@@ -667,22 +668,7 @@ done log "βœ… Agent secrets successfully stored in Vault" echo "" -log "πŸ” You can verify individual agent secrets at:" -for agent in "${active_agents[@]}"; do - case $agent in - "github") log " πŸ™ GitHub: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fgithub-secret" ;; - "jira") log " 🎫 Jira: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fjira-secret" ;; - "slack") log " πŸ’¬ Slack: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fslack-secret" ;; - "aws") log " ☁️ AWS: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Faws-secret" ;; - "argocd") log " πŸš€ ArgoCD: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fargocd-secret" ;; - "backstage") log " 🎭 Backstage: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fbackstage-secret" ;; - "pagerduty") log " πŸ“Ÿ PagerDuty: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fpagerduty-secret" ;; - "confluence") log " πŸ“š Confluence: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fconfluence-secret" ;; - "splunk") log " πŸ” Splunk: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fsplunk-secret" ;; - "webex") log " πŸ“Ή Webex: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fwebex-secret" ;; - "komodor") log " πŸ”§ Komodor: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fkomodor-secret" ;; - esac -done +log "πŸ” You can verify individual agent secrets at the Vault UI: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/list/ai-platform-engineering/" # Create Kubernetes secret for agents log "πŸ”„ Creating Kubernetes secret for agents..." 
@@ -714,29 +700,19 @@ kubectl create secret generic agent-secrets -n ai-platform-engineering \ --from-literal=WEBEX_TOKEN="$WEBEX_TOKEN" \ --from-literal=KOMODOR_TOKEN="$KOMODOR_TOKEN" \ --from-literal=KOMODOR_API_URL="$KOMODOR_API_URL" \ - --dry-run=client -o yaml | kubectl apply -f - + --dry-run=client -o yaml | kubectl apply -f - > /dev/null log "βœ… Kubernetes secret created/updated" # Summary echo "" +if [[ ${#auto_populated_vars[@]} -gt 0 ]]; then + log "βœ“ Auto-populated variables from env file: $(IFS=,; echo "${auto_populated_vars[*]}")" + echo "" +fi log "πŸ“Š Configuration Summary:" -for agent in "${active_agents[@]}"; do - case $agent in - "github") log " πŸ™ GitHub: Personal Access Token configured" ;; - "jira") log " 🎫 Jira: Atlassian Token and API URL configured" ;; - "slack") log " πŸ’¬ Slack: Bot Token, App Token, and additional tokens configured" ;; - "aws") log " ☁️ AWS: Access Keys and Region configured" ;; - "argocd") log " πŸš€ ArgoCD: Token and API URL configured" ;; - "backstage") log " 🎭 Backstage: API Token and URL configured" ;; - "pagerduty") log " πŸ“Ÿ PagerDuty: API Key and URL configured" ;; - "confluence") log " πŸ“š Confluence: API URL and Atlassian credentials configured" ;; - "splunk") log " πŸ” Splunk: Token and API URL configured" ;; - "webex") log " πŸ“Ή Webex: Token configured" ;; - "komodor") log " πŸ”§ Komodor: Token and API URL configured" ;; - esac -done +log " Configured agents: $(IFS=,; echo "${active_agents[*]}")" # Cleanup -kill $VAULT_PID 2>/dev/null +kill $VAULT_PID >/dev/null log "πŸŽ‰ Agent secrets setup complete!" diff --git a/caipe/scripts/setup-all.sh b/caipe/scripts/setup-all.sh index 0bc3fa8b..d3bd4ea2 100755 --- a/caipe/scripts/setup-all.sh +++ b/caipe/scripts/setup-all.sh 
@@ -49,6 +49,7 @@ fi echo "🧩 Running setup-llm-credentials.sh..." bash "$script_dir/setup-llm-credentials.sh" "${llm_args[@]}" +echo "" echo "🧩 Running setup-agent-secrets.sh..." bash "$script_dir/setup-agent-secrets.sh" "${agent_args[@]}" diff --git a/caipe/scripts/setup-llm-credentials.sh b/caipe/scripts/setup-llm-credentials.sh index 75e6c917..022c1d47 100755 --- a/caipe/scripts/setup-llm-credentials.sh +++ b/caipe/scripts/setup-llm-credentials.sh @@ -64,7 +64,7 @@ load_env_file() { # Export the variable if it's not already set or if we have a value if [[ -n "$var_value" ]]; then export "$var_name"="$var_value" - log " βœ“ Loaded $var_name from env file" + # log " βœ“ Loaded $var_name from env file" fi fi fi @@ -85,7 +85,7 @@ export VAULT_TOKEN # Start port forward in background log "πŸ”— Starting Vault port forward..." -kubectl port-forward -n vault svc/vault 8200:8200 & +kubectl port-forward -n vault svc/vault 8200:8200 > /dev/null 2>&1 & VAULT_PID=$! sleep 3 @@ -255,7 +255,7 @@ vault kv put secret/ai-platform-engineering/global \ GCP_MODEL_NAME="$GCP_MODEL_NAME" >/dev/null log "βœ… LLM credentials successfully stored in Vault" -log "πŸ” You can verify at: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fglobal" +# log "πŸ” You can verify at: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/ai-platform-engineering%2Fglobal" # Cleanup kill $VAULT_PID 2>/dev/null From 067e8b80af562fab44d60b2f9eae8b62caf58f51 Mon Sep 17 00:00:00 2001 From: Stefan Braicu Date: Wed, 22 Oct 2025 23:39:35 -0700 Subject: [PATCH 3/3] fix: reuse backstage pass from ref-implementation --- caipe/base/backstage/manifests/install.yaml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/caipe/base/backstage/manifests/install.yaml b/caipe/base/backstage/manifests/install.yaml index b6cf75cf..4fc4edd2 100644 --- a/caipe/base/backstage/manifests/install.yaml +++ b/caipe/base/backstage/manifests/install.yaml 
@@ -450,19 +450,6 @@ spec: restartPolicy: OnFailure backoffLimit: 60 # Allow retries for up to 30 minutes --- -apiVersion: generators.external-secrets.io/v1alpha1 -kind: Password -metadata: - name: backstage - namespace: backstage -spec: - length: 36 - digits: 5 - symbols: 5 - symbolCharacters: "/-+" - noUpper: false - allowRepeat: true ---- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata:
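Review bot: the commit subject for PATCH 1/3 ("fix(caipe): README.md") does not say that the `@@ -1,237 +1,7 @@` hunk of caipe/README.md deletes the whole Quick Start, the "Verify Setup" Vault paths, the "Security Features" list and Troubleshooting, leaving one external link as the only documentation. Please state in the commit message that this content now lives at the linked IDP Builder setup docs, and confirm that the Vault verification paths (`secret/ai-platform-engineering/global`, `.../agent-secrets`) are still documented there. The new file also ends without a trailing newline (`\ No newline at end of file`); add one.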
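Review bot: pinning `tag: "0.1.19"` in caipe/base/ai-platform-engineering/values.yaml (first at `@@ -112,7 +112,7 @@ supervisor-agent`, repeated for every agent and mcp image) still leaves `pullPolicy: "Always"` next to it, so each pod restart pulls whatever the registry currently serves under that tag. A tag is mutable; if the goal of this change is a reproducible, reviewable image set, pin by digest (`repository@sha256:...`) or at least document that 0.1.19 is treated as immutable, and consider `IfNotPresent` once the reference is fixed.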
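Review bot: the removal of `WEBEX_BOT_TOKEN` and `WEBEX_WEBHOOK_SECRET` in the `@@ -156,8 +156,6 @@` hunk of vault-config-job.yaml (and the matching `externalSecrets` entries at `@@ -412,14 +409,6 @@ agent-webex` in values.yaml) is not explained by the commit message "fix: webex and pin 0.1.19". Dropping a webhook secret changes how inbound requests can be validated, so please say in the commit message or a comment that the 0.1.19 Webex agent reads only `WEBEX_TOKEN`, and note whether existing installs need the old keys cleaned out of `secret/ai-platform-engineering/webex-secret`.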
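Review bot: the fixed `sleep 5` added in the `@@ -6,23 +6,27 @@` hunk of caipe/scripts/refresh-secrets.sh is not a readiness check, and the new filter `awk 'NR==1 || !/Running/'` hides pods that are Running but not yet Ready. After deleting every secret and pod in the namespace, the script should wait on an actual condition, for example `kubectl wait --for=condition=Ready pod --all -n ai-platform-engineering --timeout=...` or `kubectl rollout status` per deployment, and only then print the success line. The 1 second pause after `kubectl delete secret --all` likewise assumes External Secrets has already recreated the secrets before the pods restart; waiting for the secrets to exist would make that explicit.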
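Review bot: commenting out the "Environment file not found" message in the `else` branch of `load_env_file` (`@@ -67,13 +68,13 @@` in caipe/scripts/setup-agent-secrets.sh) makes the script `exit 1` with no output at all when the env file path is wrong. Quieting the per-variable "Loaded" lines is reasonable, but keep the failure message and send it to stderr so a caller such as setup-all.sh shows why it stopped.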
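Review bot: redirecting the port-forward to `/dev/null 2>&1` at `@@ -88,7 +89,7 @@` in setup-agent-secrets.sh (and at `@@ -85,7 +85,7 @@` in setup-llm-credentials.sh) discards the only signal that the forward failed, for example when local port 8200 is already in use, and the script then continues after `sleep 3` with `VAULT_TOKEN` exported. Write the output to a log file instead, and after the sleep verify the forward is alive (`kill -0 "$VAULT_PID"`) before issuing any `vault` command, so credentials are never sent unless the tunnel to `svc/vault` is actually up.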
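Review bot: `fetch_vault_secret` now always returns an empty string, because the `@@ -149,7 +150,7 @@` hunk of setup-agent-secrets.sh changes `2>/dev/null` to `>/dev/null` inside the command substitution: `value=$(vault kv get -field="$field_name" "$vault_path" >/dev/null || echo "")`. Stdout, which carries the field value, is thrown away, while stderr, which the comment above says should be suppressed, is now printed. Any caller that uses this function to detect an existing value in Vault will see none. Restore `2>/dev/null`.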
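Review bot: the agent detection checks in the `@@ -178,87 +179,87 @@` hunk of setup-agent-secrets.sh swap `2>/dev/null` for `>/dev/null` on every `kubectl get deployment ...` call, which hides the normal output but lets the NotFound error through for each agent that is not deployed. If the intent of this patch is quieter output, these should be `>/dev/null 2>&1`. The twelve near-identical blocks would also be easier to keep consistent as one loop over the agent names.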
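Review bot: `kill $VAULT_PID >/dev/null` at the end of the `@@ -714,29 +700,19 @@` hunk of setup-agent-secrets.sh redirects the wrong stream; `kill` reports "No such process" on stderr, so the previous `2>/dev/null` was the correct form and is still what setup-llm-credentials.sh uses. Revert it and quote the variable (`kill "$VAULT_PID" 2>/dev/null`). In the new summary, printing `auto_populated_vars` is fine since it lists names only; please keep it that way and never echo the values.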
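Review bot: PATCH 3/3 deletes the `Password` generator named `backstage` at `@@ -450,19 +450,6 @@` in caipe/base/backstage/manifests/install.yaml without touching the `ExternalSecret` that follows it (the diffstat is 13 deletions only), so that resource now depends on a generator created by the ref-implementation package. Please add a comment above the `ExternalSecret` naming that dependency, and state in the commit message that the ref-implementation generator has the same name and namespace, since otherwise the secret will not be generated when this stack is applied on its own.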