titan-iac/scripts/hammer.fish

#!/usr/bin/env fish
# Purpose: "Nuclear" reconcile for a target KS/HR by disabling gates, forcing update, then (optionally) restoring.

# Defaults (edit if you want different names/namespaces)
set -gx KS_NAME    "vault"
set -gx KS_NS      "flux-system"
set -gx HR_NAME    "vault"
set -gx HR_NS      "vault"
set -gx GIT_SRC    "flux-system"     # GitRepository name
set -gx SRC_NS     "flux-system"     # Namespace for sources (Git/Helm)
set -gx HELM_REPO  "hashicorp"       # HelmRepository name

# Behavior flags
set -gx RESTORE "no"
if test (count $argv) -gt 0
    if test "$argv[1]" = "--restore"
        set RESTORE "yes"
    end
end

function info; printf "► %s\n" $argv; end
function ok;   printf "✔ %s\n" $argv; end
function warn; printf "⚠ %s\n" $argv; end

info "Flux: "(flux -v)
info "Kube context: "(kubectl config current-context)

# --- 0) Preflight & backups ---------------------------------------------------
mkdir -p /tmp/flux-hammer
set KS_BAK "/tmp/flux-hammer/ks-$KS_NS-$KS_NAME.yaml"
set HR_BAK "/tmp/flux-hammer/hr-$HR_NS-$HR_NAME.yaml"

kubectl -n $KS_NS get kustomization $KS_NAME -o yaml > $KS_BAK 2>/dev/null; or true
kubectl -n $HR_NS get helmrelease $HR_NAME -o yaml > $HR_BAK 2>/dev/null; or true
ok "Backed up current specs to $KS_BAK and $HR_BAK"

# --- 1) Suspend ---------------------------------------------------------------
info "Suspending Kustomization $KS_NS/$KS_NAME and HelmRelease $HR_NS/$HR_NAME"
flux suspend kustomization $KS_NAME -n $KS_NS; or true
flux suspend helmrelease  $HR_NAME -n $HR_NS; or true
ok "Suspended (best-effort)"

# --- 2) Patch Kustomization: turn off waits/health & enable force -------------
info "Patching Kustomization (force=true, wait=false)"
kubectl -n $KS_NS patch kustomization $KS_NAME --type merge \
  -p '{"spec":{"force":true,"wait":false}}'; or true

# Remove healthChecks if present
set HAS_HC (kubectl -n $KS_NS get kustomization $KS_NAME -o json | jq -r '((.spec // {}) | has("healthChecks"))')
if test "$HAS_HC" = "true"
  info "Removing .spec.healthChecks from Kustomization"
  kubectl -n $KS_NS patch kustomization $KS_NAME --type json \
    -p='[{"op":"remove","path":"/spec/healthChecks"}]'; or true
else
  ok "No .spec.healthChecks present"
end

# --- 3) Patch HelmRelease: disable waits/tests & stop auto-remediation --------
info "Patching HelmRelease (disable waits & retries)"
kubectl -n $HR_NS patch helmrelease $HR_NAME --type merge -p \
'{
  "spec": {
    "install":  { "disableWait": true, "remediation": { "retries": 0 } },
    "upgrade":  { "disableWait": true, "remediation": { "retries": 0 } },
    "rollback": { "disableWait": true },
    "test":     { "enable": false }
  }
}'; or true

# --- 4) Reconcile sources (Git & Helm repo) ----------------------------------
info "Reconciling sources"
flux reconcile source git  $GIT_SRC  -n $SRC_NS --timeout=2m; or true
flux reconcile source helm $HELM_REPO -n $SRC_NS --timeout=2m; or true
ok "Sources reconciled (best-effort)"

# --- 5) Resume and force reconciles ------------------------------------------
info "Resuming Kustomization and HelmRelease"
flux resume kustomization $KS_NAME -n $KS_NS; or true
flux resume helmrelease  $HR_NAME -n $HR_NS; or true

info "Reconciling Kustomization with source (no waits)"
flux reconcile kustomization $KS_NAME -n $KS_NS --with-source --timeout=10m; or true

info "FORCING HelmRelease reconcile (no waits)"
flux reconcile helmrelease $HR_NAME -n $HR_NS --timeout=10m --force; or true

# --- 6) Optional restore of original specs -----------------------------------
if test "$RESTORE" = "yes"
  info "Restoring original specs and reconciling"
  if test -s $KS_BAK
    kubectl apply -f $KS_BAK; and flux reconcile kustomization $KS_NAME -n $KS_NS --timeout=5m; or true
  end
  if test -s $HR_BAK
    kubectl apply -f $HR_BAK; and flux reconcile helmrelease $HR_NAME -n $HR_NS --timeout=5m; or true
  end
  ok "Restored and reconciled"
else
  warn "Not restoring original specs (you ran without --restore). Gates remain off until you change them back."
end

# --- 7) Show status -----------------------------------------------------------
info "Current filtered status:"
flux get kustomizations | grep -E "(NAME|^$KS_NAME\s)"; or true
flux get helmreleases -A | grep -E "(NAMESPACE|^$HR_NS\s+$HR_NAME\s)"; or true
need certs 2025-08-19 22:15:57 -05:00			`#!/usr/bin/env fish`
			`# Purpose: "Nuclear" reconcile for a target KS/HR by disabling gates, forcing update, then (optionally) restoring.`

			`# Defaults (edit if you want different names/namespaces)`
			`set -gx KS_NAME "vault"`
			`set -gx KS_NS "flux-system"`
			`set -gx HR_NAME "vault"`
			`set -gx HR_NS "vault"`
			`set -gx GIT_SRC "flux-system" # GitRepository name`
			`set -gx SRC_NS "flux-system" # Namespace for sources (Git/Helm)`
			`set -gx HELM_REPO "hashicorp" # HelmRepository name`

			`# Behavior flags`
			`set -gx RESTORE "no"`
			`if test (count $argv) -gt 0`
			`if test "$argv[1]" = "--restore"`
			`set RESTORE "yes"`
			`end`
			`end`

			`function info; printf "► %s\n" $argv; end`
			`function ok; printf "✔ %s\n" $argv; end`
			`function warn; printf "⚠ %s\n" $argv; end`

			`info "Flux: "(flux -v)`
			`info "Kube context: "(kubectl config current-context)`

			`# --- 0) Preflight & backups ---------------------------------------------------`
			`mkdir -p /tmp/flux-hammer`
			`set KS_BAK "/tmp/flux-hammer/ks-$KS_NS-$KS_NAME.yaml"`
			`set HR_BAK "/tmp/flux-hammer/hr-$HR_NS-$HR_NAME.yaml"`

			`kubectl -n $KS_NS get kustomization $KS_NAME -o yaml > $KS_BAK 2>/dev/null; or true`
			`kubectl -n $HR_NS get helmrelease $HR_NAME -o yaml > $HR_BAK 2>/dev/null; or true`
			`ok "Backed up current specs to $KS_BAK and $HR_BAK"`

			`# --- 1) Suspend ---------------------------------------------------------------`
			`info "Suspending Kustomization $KS_NS/$KS_NAME and HelmRelease $HR_NS/$HR_NAME"`
			`flux suspend kustomization $KS_NAME -n $KS_NS; or true`
			`flux suspend helmrelease $HR_NAME -n $HR_NS; or true`
			`ok "Suspended (best-effort)"`

			`# --- 2) Patch Kustomization: turn off waits/health & enable force -------------`
			`info "Patching Kustomization (force=true, wait=false)"`
			`kubectl -n $KS_NS patch kustomization $KS_NAME --type merge \`
			`-p '{"spec":{"force":true,"wait":false}}'; or true`

			`# Remove healthChecks if present`
			`set HAS_HC (kubectl -n $KS_NS get kustomization $KS_NAME -o json \| jq -r '((.spec // {}) \| has("healthChecks"))')`
			`if test "$HAS_HC" = "true"`
			`info "Removing .spec.healthChecks from Kustomization"`
			`kubectl -n $KS_NS patch kustomization $KS_NAME --type json \`
			`-p='[{"op":"remove","path":"/spec/healthChecks"}]'; or true`
			`else`
			`ok "No .spec.healthChecks present"`
			`end`

			`# --- 3) Patch HelmRelease: disable waits/tests & stop auto-remediation --------`
			`info "Patching HelmRelease (disable waits & retries)"`
			`kubectl -n $HR_NS patch helmrelease $HR_NAME --type merge -p \`
			`'{`
			`"spec": {`
			`"install": { "disableWait": true, "remediation": { "retries": 0 } },`
			`"upgrade": { "disableWait": true, "remediation": { "retries": 0 } },`
			`"rollback": { "disableWait": true },`
			`"test": { "enable": false }`
			`}`
			`}'; or true`

			`# --- 4) Reconcile sources (Git & Helm repo) ----------------------------------`
			`info "Reconciling sources"`
			`flux reconcile source git $GIT_SRC -n $SRC_NS --timeout=2m; or true`
			`flux reconcile source helm $HELM_REPO -n $SRC_NS --timeout=2m; or true`
			`ok "Sources reconciled (best-effort)"`

			`# --- 5) Resume and force reconciles ------------------------------------------`
			`info "Resuming Kustomization and HelmRelease"`
			`flux resume kustomization $KS_NAME -n $KS_NS; or true`
			`flux resume helmrelease $HR_NAME -n $HR_NS; or true`

			`info "Reconciling Kustomization with source (no waits)"`
			`flux reconcile kustomization $KS_NAME -n $KS_NS --with-source --timeout=10m; or true`

			`info "FORCING HelmRelease reconcile (no waits)"`
			`flux reconcile helmrelease $HR_NAME -n $HR_NS --timeout=10m --force; or true`

			`# --- 6) Optional restore of original specs -----------------------------------`
			`if test "$RESTORE" = "yes"`
			`info "Restoring original specs and reconciling"`
			`if test -s $KS_BAK`
			`kubectl apply -f $KS_BAK; and flux reconcile kustomization $KS_NAME -n $KS_NS --timeout=5m; or true`
			`end`
			`if test -s $HR_BAK`
			`kubectl apply -f $HR_BAK; and flux reconcile helmrelease $HR_NAME -n $HR_NS --timeout=5m; or true`
			`end`
			`ok "Restored and reconciled"`
			`else`
			`warn "Not restoring original specs (you ran without --restore). Gates remain off until you change them back."`
			`end`

			`# --- 7) Show status -----------------------------------------------------------`
			`info "Current filtered status:"`
			`flux get kustomizations \| grep -E "(NAME\|^$KS_NAME\s)"; or true`
			`flux get helmreleases -A \| grep -E "(NAMESPACE\|^$HR_NS\s+$HR_NAME\s)"; or true`