code-sanity
This commit is contained in:
hashfyre
parent
ad2ec49271
commit
d8eefee123
88
update.sh
88
update.sh
|
|
@ -1,69 +1,71 @@
|
|||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
if [ ! -z ${PLUGIN_KUBERNETES_USER} ]; then
|
||||
KUBERNETES_USER=${PLUGIN_KUBERNETES_USER:-default}
|
||||
# check optional params
|
||||
if [ ! -z ${PLUGIN_USER} ]; then
|
||||
USER=${PLUGIN_USER:-default}
|
||||
fi
|
||||
|
||||
if [ ! -z ${PLUGIN_KUBERNETES_ENV} ]; then
|
||||
KUBERNETES_ENV=${PLUGIN_KUBERNETES_ENV}
|
||||
if [ ! -z ${PLUGIN_NAMESPACE} ]; then
|
||||
NAMESPACE=${PLUGIN_NAMESPACE:-default}
|
||||
fi
|
||||
|
||||
KUBERNETES_SERVER_VAR=KUBERNETES_SERVER_${KUBERNETES_ENV}
|
||||
KUBERNETES_CERT_VAR=KUBERNETES_SERVER_CERT_${KUBERNETES_ENV}
|
||||
# check required params
|
||||
if [ ! -z ${PLUGIN_CLUSTER} ]; then
|
||||
CLUSTER=${PLUGIN_CLUSTER}
|
||||
|
||||
KUBERNETES_SERVER=${!KUBERNETES_SERVER_VAR}
|
||||
KUBERNETES_CERT=${!KUBERNETES_CERT_VAR}
|
||||
SERVER_URL_VAR=SERVER_URL_${CLUSTER}
|
||||
SERVER_CERT_VAR=SERVER_CERT_${CLUSTER}
|
||||
CLIENT_CERT_VAR=CLIENT_CERT_${CLUSTER}
|
||||
CLIENT_KEY_VAR=CLIENT_KEY_${CLUSTER}
|
||||
|
||||
if [[ -z "${KUBERNETES_SERVER}" ]]; then
|
||||
echo "ERROR: drone secret ${KUBERNETES_SERVER_VAR} not added!"
|
||||
SERVER_URL=${!SERVER_URL_VAR}
|
||||
SERVER_CERT=${!SERVER_CERT_VAR}
|
||||
CLIENT_CERT=${!CLIENT_CERT_VAR}
|
||||
CLIENT_KEY=${!CLIENT_KEY_VAR}
|
||||
|
||||
if [[ -z "${SERVER_URL}" ]]; then
|
||||
echo "[ERROR] drone secret: ${SERVER_URL_VAR} not added!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z "${KUBERNETES_CERT}" ]]; then
|
||||
echo "ERROR: drone secret ${KUBERNETES_CERT_VAR} not added!"
|
||||
echo "Inscure connection to the cluster will be used."
|
||||
if [[ ! -z "${SERVER_CERT}" ]]; then
|
||||
echo "[INFO] Using secure connection with tls-certificate."
|
||||
echo ${SERVER_CERT} | base64 -d > ca.crt
|
||||
kubectl config set-cluster default --server=${SERVER_URL} --certificate-authority=ca.crt
|
||||
|
||||
if [[ ! -z "${CLIENT_CERT}" ]] && [[ ! -z "${CLIENT_KEY}" ]]; then
|
||||
echo "[INFO] Setting client credentials with signed-certificate and key."
|
||||
echo ${CLIENT_CERT} | base64 -d > client.crt
|
||||
echo ${CLIENT_KEY} | base64 -d > client.key
|
||||
kubectl config set-credentials ${USER} --client-certificate=client.crt --client-key=client.key
|
||||
else
|
||||
echo "[ERROR] Required plugin parameters:"
|
||||
echo " - client_cert"
|
||||
echo " - client_key"
|
||||
echo "are not provided"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "[WARNING] Required plugin parameter: ${SERVER_CERT_VAR} not added!"
|
||||
echo "[WARNING] Using insecure connection to cluster"
|
||||
kubectl config set-cluster default --server=${SERVER_URL} --insecure-skip-tls-verify=true
|
||||
fi
|
||||
else
|
||||
echo "ERROR: kubernetes_env not provided"
|
||||
echo "[ERROR] Required pipeline parameter: cluster not provided"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z ${PLUGIN_NAMESPACE} ]; then
|
||||
PLUGIN_NAMESPACE="default"
|
||||
fi
|
||||
|
||||
if [[ ! -z "${KUBERNETES_CLIENT_CERT}" ]] && [[ ! -z "${KUBERNETES_CLIENT_KEY}" ]]; then
|
||||
echo "INFO: Setting client credentials with signed-certificate and key."
|
||||
echo ${KUBERNETES_CLIENT_CERT} | base64 -d > client.crt
|
||||
echo ${KUBERNETES_CLIENT_KEY} | base64 -d > client.key
|
||||
kubectl config set-credentials ${KUBERNETES_USER} --client-certificate=client.crt --client-key=client.key
|
||||
else
|
||||
echo "ERROR: Provide the following authentication params:"
|
||||
echo " - kubernetes_client_cert"
|
||||
echo " - kubernetes_client_key"
|
||||
echo "as drone secrets"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -z "${KUBERNETES_CERT}" ]; then
|
||||
echo "INFO: Using secure connection with tls-certificate."
|
||||
echo ${KUBERNETES_CERT} | base64 -d > ca.crt
|
||||
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt
|
||||
else
|
||||
echo "WARNING: Using insecure connection to cluster"
|
||||
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --insecure-skip-tls-verify=true
|
||||
fi
|
||||
|
||||
kubectl config set-context default --cluster=default --user=${KUBERNETES_USER}
|
||||
kubectl config set-context default --cluster=default --user=${USER}
|
||||
kubectl config use-context default
|
||||
|
||||
# kubectl version
|
||||
IFS=',' read -r -a DEPLOYMENTS <<< "${PLUGIN_DEPLOYMENT}"
|
||||
IFS=',' read -r -a CONTAINERS <<< "${PLUGIN_CONTAINER}"
|
||||
for DEPLOY in ${DEPLOYMENTS[@]}; do
|
||||
echo Deploying to ${KUBERNETES_ENV}
|
||||
echo Deploying to ${CLUSTER}
|
||||
for CONTAINER in ${CONTAINERS[@]}; do
|
||||
kubectl -n ${PLUGIN_NAMESPACE} set image deployment/${DEPLOY} \
|
||||
kubectl -n ${NAMESPACE} set image deployment/${DEPLOY} \
|
||||
${CONTAINER}="${PLUGIN_REPO}:${PLUGIN_TAG}" --record
|
||||
done
|
||||
done
|
||||
|
|
|
|||
Loading…
Reference in New Issue