Merge b92f603ed1 into a5776c44e9

2025-11-04 02:58:04 +00:00 · 2018-09-28 17:38:28 +00:00 · 2018-09-28 17:38:28 +00:00 · 118fd59e4b
commit 118fd59e4b
parent a5776c44e9 b92f603ed1
3 changed files with 37 additions and 2 deletions
--- a/1
+++ b/1
@ -3,5 +3,4 @@ RUN apk --no-cache add curl ca-certificates bash
 RUN curl -Lo /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
 RUN chmod +x /usr/local/bin/kubectl
 COPY update.sh /bin/
-ENTRYPOINT ["/bin/bash"]
 CMD ["/bin/update.sh"]
--- a/README.md
+++ b/README.md
@ -83,6 +83,39 @@ This more complex example demonstrates how to deploy to several environments bas
                branch: [ master ]
 ```

+## Debuging
+
+For debugging you firstly need to know if the kubectl inside the container is connecting to your cluster or not.
+Easiest way to find this out to compare your [local kubectl config](https://kubernetes.io/docs/tasks/tools/install-kubectl/) `~/.kube/config` file with the generated one.
+
+The generated kube conf will be
+```yaml
+    apiVersion: v1
+    clusters:
+    - cluster:
+        server: ${kubernetes_server}
+        #possible insecure-skip-tls-verify: true or cert settings
+      name: default
+    contexts:
+    - context:
+        cluster: default
+        user: ${kubernetes_user}
+      name: default
+    current-context: default
+    kind: Config
+    preferences: {}
+    users:
+    - name: ${kubernetes_user}
+      user:
+        token: ${kubernetes_token}
+```
+
+After that the script calls the following script for every deployment+container combination:
+```bash
+kubectl -n ${namespace} set image deployment/${deployment} \
+  ${container}=${repo}:${tag}
+```
+
 ## Required secrets

 ```bash
@ -98,6 +131,7 @@ This more complex example demonstrates how to deploy to several environments bas

 When using TLS Verification, ensure Server Certificate used by kubernetes API server 
 is signed for SERVER url ( could be a reason for failures if using aliases of kubernetes cluster )
+If you have valid ssl, you can use the `kubernetes_skip_insecure: true` flag too.

 ## How to get token
 1. After deployment inspect you pod for name of (k8s) secret with **token** and **ca.crt**
--- a/update.sh
+++ b/update.sh
@ -20,10 +20,12 @@ if [ ! -z ${PLUGIN_KUBERNETES_CERT} ]; then
  KUBERNETES_CERT=${PLUGIN_KUBERNETES_CERT}
 fi

-kubectl config set-credentials default --token=${KUBERNETES_TOKEN}
+kubectl config set-credentials ${PLUGIN_KUBERNETES_USER} --token=${KUBERNETES_TOKEN}
 if [ ! -z ${KUBERNETES_CERT} ]; then
  echo ${KUBERNETES_CERT} | base64 -d > ca.crt
  kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt
+elif [ ! -z ${PLUGIN_KUBERNETES_SKIP_INSECURE} ]; then
+  kubectl config set-cluster default --server=${KUBERNETES_SERVER}
 else
  echo "WARNING: Using insecure connection to cluster"
  kubectl config set-cluster default --server=${KUBERNETES_SERVER} --insecure-skip-tls-verify=true