Convert pre-install batch job from shell to Go code

[draychev]

This GitHub issue is to convert the pre-install Kubernetes job from shell script to Go code.

Why:

Bash in YAML makes it
a) hard to understand what this does
b) extremely difficult to test

Where:

osm-azure/charts/osm-arc/templates/osm-label.yml

Lines 122 to 187 in a317fec

	- name: osm-label
	image: {{ .Values.alpine.image.name }}:{{ .Values.alpine.image.tag }}
	imagePullPolicy: IfNotPresent
	env:
	- name: labelnamespaces
	value: {{ .Values.OpenServiceMesh.ignoreNamespaces }}
	- name: osmnamespace
	value: {{ .Release.Namespace }}
	securityContext:
	allowPrivilegeEscalation: false
	command:
	- "/bin/sh"
	- "-ec"
	- |
	set -o pipefail
	token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
	namespaces=${labelnamespaces}
	for namespace in ${namespaces}
	do
	echo "Retrieving namespace ${namespace} details"
	namespaceDetails=$(curl -s -X GET -k https://kubernetes.default.svc/api/v1/namespaces/${namespace} \
	-H "Authorization: Bearer ${token}" \
	-H "Content-Type: application/json" \
	-H "Accept: application/json")
	kind=$(echo $namespaceDetails | jq .kind)
	if [ "$kind" = "\"Namespace\"" ]
	then
	cplabel=$(echo $namespaceDetails | jq .metadata.labels.\"openservicemesh.io/ignore\")
	if [ "$cplabel" = "null" ]
	then
	echo "Adding openservicemesh.io/ignore label to ${namespace}"
	patchstatus=$(curl -s -X PATCH -k https://kubernetes.default.svc/api/v1/namespaces/${namespace} \
	-d '{ "metadata": { "labels": { "openservicemesh.io/ignore": "true" } } }' \
	-H "Authorization: Bearer ${token}" \
	-H "Content-Type: application/strategic-merge-patch+json" \
	-H "Accept: application/json")
	else
	echo "openservicemesh.io/ignore label already exists on namespace ${namespace}"
	fi
	else
	echo "Failed to retrieve ${namespace} details"
	fi
	done
	echo "Retrieving namespace ${osmnamespace} details"
	namespaceDetails=$(curl -s -X GET -k https://kubernetes.default.svc/api/v1/namespaces/${osmnamespace} \
	-H "Authorization: Bearer ${token}" \
	-H "Content-Type: application/json" \
	-H "Accept: application/json")
	kind=$(echo $namespaceDetails | jq .kind)
	if [ "$kind" = "\"Namespace\"" ]
	then
	cplabel=$(echo $namespaceDetails | jq .metadata.labels.\"admission.policy.azure.com/ignore\")
	if [ "$cplabel" = "null" ]
	then
	echo "Adding admission.policy.azure.com/ignore label to ${osmnamespace}"
	patchstatus=$(curl -s -X PATCH -k https://kubernetes.default.svc/api/v1/namespaces/${osmnamespace} \
	-d '{ "metadata": { "labels": { "admission.policy.azure.com/ignore": "true" } } }' \
	-H "Authorization: Bearer ${token}" \
	-H "Content-Type: application/strategic-merge-patch+json" \
	-H "Accept: application/json")
	else
	echo "admission.policy.azure.com/ignore label already exists on namespace ${osmnamespace}"
	fi
	else
	echo "Failed to retrieve ${osmnamespace} details"
	fi

How:

I propose we

1. create a Go package in this repo - use Go K8s client instead of cURL
2. write tests for it
3. create a new Dockerfile
4. create release pipeline
5. push the image in the appropriate container registries
6. use the new container image instead of Alpine:

   osm-azure/charts/osm-arc/templates/osm-label.yml

   Line 123 in a317fec

   image: {{ .Values.alpine.image.name }}:{{ .Values.alpine.image.tag }}