Merge pull request #4 from razorpay/beta

functions and rollout fix
This commit is contained in:
Hashfyre 2018-02-01 20:02:55 +05:30 committed by GitHub
commit c80b0c2682
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 217 additions and 81 deletions

256
update.sh
View File

@ -1,52 +1,177 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
# check optional params # globals
if [ ! -z ${PLUGIN_USER} ]; then USER=""
NAMESPACE=""
CLUSTER=""
DEPLOYMENTS=""
CONTAINERS=""
SERVER_URL=""
# set globals
setUser(){
USER=${PLUGIN_USER:-default} USER=${PLUGIN_USER:-default}
fi }
if [ ! -z ${PLUGIN_NAMESPACE} ]; then setNamespace(){
NAMESPACE=${PLUGIN_NAMESPACE:-default} NAMESPACE=${PLUGIN_NAMESPACE:-default}
fi }
# check required params setCluster(){
if [ ! -z ${PLUGIN_CLUSTER} ]; then if [ ! -z ${PLUGIN_CLUSTER} ]; then
# convert cluster name to ucase and assign # convert cluster name to ucase and assign
CLUSTER=${PLUGIN_CLUSTER^^} CLUSTER=${PLUGIN_CLUSTER^^}
else
# create dynamic cert var names echo "[ERROR] Required pipeline parameter: cluster not provided"
SERVER_URL_VAR=SERVER_URL_${CLUSTER}
SERVER_CERT_VAR=SERVER_CERT_${CLUSTER}
# expand the var contents
SERVER_URL=${!SERVER_URL_VAR}
SERVER_CERT=${!SERVER_CERT_VAR}
if [[ -z "${SERVER_URL}" ]]; then
echo "[ERROR] drone secret: ${SERVER_URL_VAR} not added!"
exit 1 exit 1
fi fi
}
setServerUrl(){
# create dynamic cert var names
local SERVER_URL_VAR=SERVER_URL_${CLUSTER}
SERVER_URL=${!SERVER_URL_VAR}
if [[ -z "${SERVER_URL}" ]]; then
echo "[ERROR] Required drone secret: ${SERVER_URL_VAR} not added!"
exit 1
fi
}
setGlobals(){
setUser
setNamespace
setCluster
setServerUrl
}
setSecureCluster(){
local CLUSTER=$1; shift
local SERVER_URL=$1; shift
local SERVER_CERT=$1
if [[ ! -z "${SERVER_CERT}" ]]; then
echo "[INFO] Using secure connection with tls-certificate." echo "[INFO] Using secure connection with tls-certificate."
echo ${SERVER_CERT} | base64 -d > ca.crt echo ${SERVER_CERT} | base64 -d > ca.crt
kubectl config set-cluster ${CLUSTER} --server=${SERVER_URL} --certificate-authority=ca.crt kubectl config set-cluster ${CLUSTER} --server=${SERVER_URL} --certificate-authority=ca.crt
}
# vars based on auth_mode setInsecureCluster(){
if [ ! -z ${PLUGIN_AUTH_MODE} ]; then local CLUSTER=$1; shift
if [[ "${PLUGIN_AUTH_MODE}" == "token" ]]; then local SERVER_URL=$1
echo "[INFO] Using Server token to authorize"
SERVER_TOKEN_VAR=SERVER_TOKEN_${CLUSTER} echo "[WARNING] Using insecure connection to cluster"
# expand kubectl config set-cluster ${CLUSTER} --server=${SERVER_URL} --insecure-skip-tls-verify=true
SERVER_TOKEN=${!SERVER_TOKEN_VAR} }
if [[ ! -z "${SERVER_TOKEN}" ]]; then
setClientToken(){
local USER=$1; shift
local SERVER_TOKEN=$1
echo "[INFO] Setting client credentials with token"
kubectl config set-credentials ${USER} --token=${SERVER_TOKEN} kubectl config set-credentials ${USER} --token=${SERVER_TOKEN}
}
setClientCertAndKey(){
local USER=$1; shift
local CLIENT_CERT=$1; shift
local CLIENT_KEY=$1
echo "[INFO] Setting client credentials with signed-certificate and key."
echo ${CLIENT_CERT} | base64 -d > client.crt
echo ${CLIENT_KEY} | base64 -d > client.key
kubectl config set-credentials ${USER} --client-certificate=client.crt --client-key=client.key
}
setContext(){
local CLUSTER=$1; shift
local USER=$1
kubectl config set-context ${CLUSTER} --cluster=${CLUSTER} --user=${USER}
kubectl config use-context ${CLUSTER}
}
pollDeploymentRollout(){
local NAMESPACE=$1; shift
local DEPLOY=$1
local TIMEOUT=600
# wait on deployment rollout status
echo "[INFO] Watching ${DEPLOY} rollout status..."
while true; do
result=`kubectl -n ${NAMESPACE} rollout status --watch=false --revision=0 deployment/${DEPLOY}`
echo ${result}
if [[ "${result}" == "deployment \"${DEPLOY}\" successfully rolled out" ]]; then
return 0
else else
echo "[ERROR] Required plugin param - server_token - not provided." # TODO: more conditions for error handling based on result text
sleep 10
TIMEOUT=$((TIMEOUT-10))
if [ "${TIMEOUT}" -eq 0 ]; then
return 1
fi
fi
done
}
startDeployment(){
local NAMESPACE=$1; shift
local DEPLOY=$1; shift
local CONTAINER=$1
kubectl -n ${NAMESPACE} set image deployment/${DEPLOY} \
${CONTAINER}="${PLUGIN_REPO}:${PLUGIN_TAG}" --record
pollDeploymentRollout ${NAMESPACE} ${DEPLOY}
if [ "$?" -eq 0 ]; then
return 0
else
return 1
fi
}
startDeployments(){
local CLUSTER=$1; shift
local NAMESPACE=$1
IFS=',' read -r -a DEPLOYMENTS <<< "${PLUGIN_DEPLOYMENT}"
IFS=',' read -r -a CONTAINERS <<< "${PLUGIN_CONTAINER}"
for DEPLOY in ${DEPLOYMENTS[@]}; do
echo "[INFO] Deploying ${DEPLOY} to ${CLUSTER} ${NAMESPACE}"
for CONTAINER in ${CONTAINERS[@]}; do
startDeployment ${NAMESPACE} ${DEPLOY} ${CONTAINER}
if [ "$?" -eq 0 ]; then
continue
else
exit 0
fi
done
done
}
clientAuthToken(){
local CLUSTER=$1; shift
local USER=$1
echo "[INFO] Using Server token to authorize"
CLIENT_TOKEN_VAR=CLIENT_TOKEN_${CLUSTER}
CLIENT_TOKEN=${!CLIENT_TOKEN_VAR}
if [[ ! -z "${CLIENT_TOKEN}" ]]; then
setClientToken ${USER} ${CLIENT_TOKEN}
else
echo "[ERROR] Required plugin secrets:"
echo " - ${CLIENT_TOKEN_VAR}"
echo "not provided."
exit 1 exit 1
fi fi
elif [[ "${PLUGIN_AUTH_MODE}" == "client-cert" ]]; then }
clientAuthCert(){
local CLUSTER=$1; shift
local USER=$1
echo "[INFO] Using Client cert and Key to authorize" echo "[INFO] Using Client cert and Key to authorize"
CLIENT_CERT_VAR=CLIENT_CERT_${CLUSTER} CLIENT_CERT_VAR=CLIENT_CERT_${CLUSTER}
CLIENT_KEY_VAR=CLIENT_KEY_${CLUSTER} CLIENT_KEY_VAR=CLIENT_KEY_${CLUSTER}
@ -55,45 +180,56 @@ if [ ! -z ${PLUGIN_CLUSTER} ]; then
CLIENT_KEY=${!CLIENT_KEY_VAR} CLIENT_KEY=${!CLIENT_KEY_VAR}
if [[ ! -z "${CLIENT_CERT}" ]] && [[ ! -z "${CLIENT_KEY}" ]]; then if [[ ! -z "${CLIENT_CERT}" ]] && [[ ! -z "${CLIENT_KEY}" ]]; then
echo "[INFO] Setting client credentials with signed-certificate and key." setClientCertAndKey ${USER} ${CLIENT_CERT} ${CLIENT_KEY}
echo ${CLIENT_CERT} | base64 -d > client.crt
echo ${CLIENT_KEY} | base64 -d > client.key
kubectl config set-credentials ${USER} --client-certificate=client.crt --client-key=client.key
else else
echo "[ERROR] Required plugin parameters:" echo "[ERROR] Required plugin secrets:"
echo " - client_cert" echo " - ${CLIENT_CERT_VAR}"
echo " - client_key" echo " - ${CLIENT_KEY_VAR}"
echo "are not provided" echo "not provided"
exit 1
fi
}
clientAuth(){
local AUTH_MODE=$1; shift
local CLUSTER=$1; shift
local USER=$1
if [ ! -z ${AUTH_MODE} ]; then
if [[ "${AUTH_MODE}" == "token" ]]; then
clientAuthToken ${CLUSTER} ${USER}
elif [[ "${AUTH_MODE}" == "client-cert" ]]; then
clientAuthCert ${CLUSTER} ${USER}
else
echo "[ERROR] Required plugin param - auth_mode - Should be either:"
echo "[ token | client-cert ]"
exit 1 exit 1
fi fi
else else
echo "[ERROR] Required plugin param - auth_mode - not provided" echo "[ERROR] Required plugin param - auth_mode - not provided"
echo "[INFO] Should be either [ token | client-cert ]"
exit 1 exit 1
fi fi
fi }
clusterAuth(){
local SERVER_URL=$1; shift
local CLUSTER=$1; shift
local USER=$1
SERVER_CERT_VAR=SERVER_CERT_${CLUSTER}
SERVER_CERT=${!SERVER_CERT_VAR}
if [[ ! -z "${SERVER_CERT}" ]]; then
setSecureCluster ${CLUSTER} ${SERVER_URL} ${SERVER_CERT}
AUTH_MODE=${PLUGIN_AUTH_MODE}
clientAuth ${AUTH_MODE} ${CLUSTER} ${USER}
else else
echo "[WARNING] Required plugin parameter: ${SERVER_CERT_VAR} not added!" echo "[WARNING] Required plugin parameter: ${SERVER_CERT_VAR} not added!"
echo "[WARNING] Using insecure connection to cluster" setInsecureCluster ${CLUSTER} ${SERVER_URL}
kubectl config set-cluster ${CLUSTER} --server=${SERVER_URL} --insecure-skip-tls-verify=true
fi fi
else }
echo "[ERROR] Required pipeline parameter: cluster not provided"
exit 1
fi
kubectl config set-context ${CLUSTER} --cluster=${CLUSTER} --user=${USER} setGlobals
kubectl config use-context ${CLUSTER} clusterAuth ${SERVER_URL} ${CLUSTER} ${USER}
setContext ${CLUSTER} ${USER}
# kubectl version startDeployments ${CLUSTER} ${NAMESPACE}
IFS=',' read -r -a DEPLOYMENTS <<< "${PLUGIN_DEPLOYMENT}"
IFS=',' read -r -a CONTAINERS <<< "${PLUGIN_CONTAINER}"
for DEPLOY in ${DEPLOYMENTS[@]}; do
echo Deploying to ${CLUSTER}
for CONTAINER in ${CONTAINERS[@]}; do
kubectl -n ${NAMESPACE} set image deployment/${DEPLOY} \
${CONTAINER}="${PLUGIN_REPO}:${PLUGIN_TAG}" --record
done
# wait on deployment rollout status
# kubectl -n ${NAMESPACE} rollout status deployment/${DEPLOY}
done