troubleshoot_backstage.ps1

troubleshoot_backstage.ps1

# Set variables
$namespace = "default"
$serviceAccount = "backstage-sa"
$roleBinding = "backstage-sa-binding"
$tokenFile = "backstage-sa-token.txt"
$kubeApiServer = "https://127.0.0.1:50442"
$appConfigPath = "./app-config.yaml"

Write-Host "Starting troubleshooting for Backstage Kubernetes integration..." -ForegroundColor Green

# 1. Check if the Service Account exists
Write-Host "Checking if Service Account: $serviceAccount exists..."
$saExists = kubectl get serviceaccount $serviceAccount --namespace $namespace -o json 2>$null

if ($saExists) {
    Write-Host "Service Account $serviceAccount already exists."
} else {
    Write-Host "Creating Service Account: $serviceAccount in namespace $namespace"
    kubectl create serviceaccount $serviceAccount --namespace $namespace
}

# 2. Check if the ClusterRoleBinding exists
Write-Host "Checking if ClusterRoleBinding: $roleBinding exists..."
$rbExists = kubectl get clusterrolebinding $roleBinding -o json 2>$null

if ($rbExists) {
    Write-Host "ClusterRoleBinding $roleBinding already exists."
} else {
    Write-Host "Creating ClusterRoleBinding: $roleBinding to bind the 'view' role"
    kubectl create clusterrolebinding $roleBinding --clusterrole=view --serviceaccount=$namespace:$serviceAccount
}

# 3. Check if the token file exists
Write-Host "Checking if token file: $tokenFile exists..."
if (Test-Path $tokenFile) {
    Write-Host "Token file $tokenFile already exists. Skipping token generation."
    $token = Get-Content $tokenFile
} else {
    Write-Host "Generating token for Service Account: $serviceAccount"
    $token = kubectl create token $serviceAccount --namespace $namespace
    
    # Save the token to a file
    Write-Host "Saving the token to $tokenFile"
    $token | Out-File -FilePath $tokenFile -Force
}

# 4. Check if the app-config.yaml file contains the token
Write-Host "Checking if app-config.yaml contains the token..."
$appConfigContent = Get-Content $appConfigPath
if ($appConfigContent -contains $token) {
    Write-Host "app-config.yaml already contains the correct token."
} else {
    Write-Host "Updating the $appConfigPath with the generated token..."
    (Get-Content $appConfigPath).replace('<your_actual_token_here>', $token) | Set-Content $appConfigPath
}

# 5. Test API Access using the generated token
Write-Host "Testing API access with the generated token..."
$apiTest = Invoke-RestMethod -Uri "$kubeApiServer/api/v1/namespaces/$namespace/pods" -Headers @{ Authorization = "Bearer $token" } -UseBasicParsing -SkipCertificateCheck -Method Get -ErrorAction SilentlyContinue
if ($apiTest) {
    Write-Host "API access test successful. Pods listed successfully." -ForegroundColor Green
} else {
    Write-Host "API access test failed. Please check the Service Account permissions." -ForegroundColor Red
}

# 6. Check if the Backstage Kubernetes backend is initialized correctly
Write-Host "Checking Backstage backend logs for Kubernetes initialization..."
$logFilePath = "./packages/backend/logs/backend.log"
if (Select-String -Path $logFilePath -Pattern "Failed to initialize kubernetes backend") {
    Write-Host "Kubernetes backend initialization failed. Please check your app-config.yaml." -ForegroundColor Red
} else {
    Write-Host "Kubernetes backend initialization successful." -ForegroundColor Green
}

Write-Host "Troubleshooting completed. Review the above output for any issues."

# 7. Provide further instructions
Write-Host "If you have updated the app-config.yaml, please restart your Backstage backend service to apply changes."