script: update: drops base64 enc of certs, fixes bash errs

This commit is contained in:
hashfyre 2018-01-10 04:02:29 +05:30
parent 6994a596ae
commit 3902a7985a
1 changed files with 39 additions and 34 deletions

View File

@ -1,55 +1,60 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
if [ -z ${PLUGIN_NAMESPACE} ]; then
PLUGIN_NAMESPACE="default"
fi
if [ ! -z ${PLUGIN_KUBERNETES_SERVER} ]; then
KUBERNETES_SERVER=$PLUGIN_KUBERNETES_SERVER
else
echo "ERROR: kubernetes_server url not provided"
fi
if [ ! -z ${PLUGIN_KUBERNETES_CERT} ]; then
KUBERNETES_CERT=${PLUGIN_KUBERNETES_CERT}
else
echo "WARNING: kubernetes_server_cert not provided"
echo "Inscure connection to the cluster will be used."
fi
if [ ! -z ${PLUGIN_KUBERNETES_USER} ]; then if [ ! -z ${PLUGIN_KUBERNETES_USER} ]; then
KUBERNETES_USER=${PLUGIN_KUBERNETES_USER:-default} KUBERNETES_USER=${PLUGIN_KUBERNETES_USER:-default}
fi fi
if [ ! -z ${PLUGIN_KUBERNETES_CLIENT_CERT} ] && [ ! -z ${PLUGIN_KUBERNETES_CLIENT_KEY} ]; then if [ ! -z ${PLUGIN_KUBERNETES_ENV} ]; then
KUBERNETES_CLIENT_CERT=$PLUGIN_KUBERNETES_CLIENT_CERT KUBERNETES_ENV=${PLUGIN_KUBERNETES_ENV}
KUBERNETES_CLIENT_KEY=$PLUGIN_KUBERNETES_CLIENT_KEY
echo "INFO: Setting client credentials with signed-certificate and key." KUBERNETES_SERVER_VAR=KUBERNETES_SERVER_${KUBERNETES_ENV}
echo ${KUBERNETES_CLIENT_CERT} | base64 -d > client.crt KUBERNETES_CERT_VAR=KUBERNETES_SERVER_CERT_${KUBERNETES_ENV}
echo ${KUBERNETES_CLIENT_KEY} | base64 -d > client.key
kubectl config set-credentials ${KUBERNETES_USER} --client-certificate=client.crt --client-key=client.key KUBERNETES_SERVER=${!KUBERNETES_SERVER_VAR}
elif [ ! -z ${PLUGIN_KUBERNETES_TOKEN} ]; then KUBERNETES_CERT=${!KUBERNETES_CERT_VAR}
KUBERNETES_TOKEN=$PLUGIN_KUBERNETES_TOKEN
echo "INFO: Setting client credentials with token." if [[ -z "${KUBERNETES_SERVER}" ]]; then
kubectl config set-credentials ${KUBERNETES_USER} --token=${KUBERNETES_TOKEN} echo "ERROR: drone secret ${KUBERNETES_SERVER_VAR} not added!"
else
echo "ERROR: Provide either of the following authentication params:"
echo "[1] kubernetes_token"
echo "[2] kubernetes_client_cert and kubernetes_client_key"
exit 1 exit 1
fi fi
if [ ! -z ${KUBERNETES_CERT} ]; then if [[ -z "${KUBERNETES_CERT}" ]]; then
echo "ERROR: drone secret ${KUBERNETES_CERT_VAR} not added!"
echo "Inscure connection to the cluster will be used."
fi
else
echo "ERROR: kubernetes_env not provided"
exit 1
fi
if [ -z ${PLUGIN_NAMESPACE} ]; then
PLUGIN_NAMESPACE="default"
fi
if [[ ! -z "${KUBERNETES_CLIENT_CERT}" ]] && [[ ! -z "${KUBERNETES_CLIENT_KEY}" ]]; then
echo "INFO: Setting client credentials with signed-certificate and key."
echo ${KUBERNETES_CLIENT_CERT} > client.crt
echo ${KUBERNETES_CLIENT_KEY} > client.key
kubectl config set-credentials ${KUBERNETES_USER} --client-certificate=client.crt --client-key=client.key
else
echo "ERROR: Provide the following authentication params:"
echo " - kubernetes_client_cert"
echo " - kubernetes_client_key"
echo "as drone secrets"
exit 1
fi
if [ ! -z "${KUBERNETES_CERT}" ]; then
echo "INFO: Using secure connection with tls-certificate." echo "INFO: Using secure connection with tls-certificate."
echo ${KUBERNETES_CERT} | base64 -d > ca.crt echo ${KUBERNETES_CERT} > ca.crt
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt
else else
echo "WARNING: Using insecure connection to cluster" echo "WARNING: Using insecure connection to cluster"
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --insecure-skip-tls-verify=true kubectl config set-cluster default --server=${KUBERNETES_SERVER} --insecure-skip-tls-verify=true
fi fi
kubectl config set-context default --cluster=default --user=default kubectl config set-context default --cluster=default --user=${KUBERNETES_USER}
kubectl config use-context default kubectl config use-context default
# kubectl version # kubectl version