script: rewrite with functions
parent
661f470526
commit
e715f7e0e8
228
update.sh
228
update.sh
|
@ -1,52 +1,151 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# check optional params
|
# globals
|
||||||
if [ ! -z ${PLUGIN_USER} ]; then
|
USER=""
|
||||||
|
NAMESPACE=""
|
||||||
|
CLUSTER=""
|
||||||
|
DEPLOYMENTS=""
|
||||||
|
CONTAINERS=""
|
||||||
|
SERVER_URL=""
|
||||||
|
|
||||||
|
# set globals
|
||||||
|
setUser(){
|
||||||
USER=${PLUGIN_USER:-default}
|
USER=${PLUGIN_USER:-default}
|
||||||
fi
|
}
|
||||||
|
|
||||||
if [ ! -z ${PLUGIN_NAMESPACE} ]; then
|
setNamespace(){
|
||||||
NAMESPACE=${PLUGIN_NAMESPACE:-default}
|
NAMESPACE=${PLUGIN_NAMESPACE:-default}
|
||||||
fi
|
}
|
||||||
|
|
||||||
# check required params
|
setDeployments(){
|
||||||
|
IFS=',' read -r -a DEPLOYMENTS <<< "${PLUGIN_DEPLOYMENT}"
|
||||||
|
}
|
||||||
|
|
||||||
|
setContainers(){
|
||||||
|
IFS=',' read -r -a CONTAINERS <<< "${PLUGIN_CONTAINER}"
|
||||||
|
}
|
||||||
|
|
||||||
|
setCluster(){
|
||||||
if [ ! -z ${PLUGIN_CLUSTER} ]; then
|
if [ ! -z ${PLUGIN_CLUSTER} ]; then
|
||||||
# convert cluster name to ucase and assign
|
# convert cluster name to ucase and assign
|
||||||
CLUSTER=${PLUGIN_CLUSTER^^}
|
CLUSTER=${PLUGIN_CLUSTER^^}
|
||||||
|
else
|
||||||
# create dynamic cert var names
|
echo "[ERROR] Required pipeline parameter: cluster not provided"
|
||||||
SERVER_URL_VAR=SERVER_URL_${CLUSTER}
|
|
||||||
SERVER_CERT_VAR=SERVER_CERT_${CLUSTER}
|
|
||||||
|
|
||||||
# expand the var contents
|
|
||||||
SERVER_URL=${!SERVER_URL_VAR}
|
|
||||||
SERVER_CERT=${!SERVER_CERT_VAR}
|
|
||||||
|
|
||||||
if [[ -z "${SERVER_URL}" ]]; then
|
|
||||||
echo "[ERROR] drone secret: ${SERVER_URL_VAR} not added!"
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
setServerUrl(){
|
||||||
|
# create dynamic cert var names
|
||||||
|
local SERVER_URL_VAR=SERVER_URL_${CLUSTER}
|
||||||
|
SERVER_URL=${!SERVER_URL_VAR}
|
||||||
|
if [[ -z "${SERVER_URL}" ]]; then
|
||||||
|
echo "[ERROR] Required drone secret: ${SERVER_URL_VAR} not added!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
setGlobals(){
|
||||||
|
setUser
|
||||||
|
setNamespace
|
||||||
|
setDeployments
|
||||||
|
setContainers
|
||||||
|
setCluster
|
||||||
|
setServerUrl
|
||||||
|
}
|
||||||
|
|
||||||
|
setSecureCluster(){
|
||||||
|
local CLUSTER=$1; shift
|
||||||
|
local SERVER_URL=$1; shift
|
||||||
|
local SERVER_CERT=$1
|
||||||
|
|
||||||
if [[ ! -z "${SERVER_CERT}" ]]; then
|
|
||||||
echo "[INFO] Using secure connection with tls-certificate."
|
echo "[INFO] Using secure connection with tls-certificate."
|
||||||
echo ${SERVER_CERT} | base64 -d > ca.crt
|
echo ${SERVER_CERT} | base64 -d > ca.crt
|
||||||
kubectl config set-cluster ${CLUSTER} --server=${SERVER_URL} --certificate-authority=ca.crt
|
kubectl config set-cluster ${CLUSTER} --server=${SERVER_URL} --certificate-authority=ca.crt
|
||||||
|
}
|
||||||
|
|
||||||
# vars based on auth_mode
|
setInsecureCluster(){
|
||||||
if [ ! -z ${PLUGIN_AUTH_MODE} ]; then
|
local CLUSTER=$1; shift
|
||||||
if [[ "${PLUGIN_AUTH_MODE}" == "token" ]]; then
|
local SERVER_URL=$1
|
||||||
echo "[INFO] Using Server token to authorize"
|
|
||||||
SERVER_TOKEN_VAR=SERVER_TOKEN_${CLUSTER}
|
echo "[WARNING] Using insecure connection to cluster"
|
||||||
# expand
|
kubectl config set-cluster ${CLUSTER} --server=${SERVER_URL} --insecure-skip-tls-verify=true
|
||||||
SERVER_TOKEN=${!SERVER_TOKEN_VAR}
|
}
|
||||||
if [[ ! -z "${SERVER_TOKEN}" ]]; then
|
|
||||||
|
setServerToken(){
|
||||||
|
local USER=$1; shift
|
||||||
|
local SERVER_TOKEN=$1
|
||||||
|
|
||||||
|
echo "[INFO] Setting client credentials with token"
|
||||||
kubectl config set-credentials ${USER} --token=${SERVER_TOKEN}
|
kubectl config set-credentials ${USER} --token=${SERVER_TOKEN}
|
||||||
|
}
|
||||||
|
|
||||||
|
setClientCertAndKey(){
|
||||||
|
local USER=$1; shift
|
||||||
|
local CLIENT_CERT=$1; shift
|
||||||
|
local CLIENT_KEY=$1
|
||||||
|
|
||||||
|
echo "[INFO] Setting client credentials with signed-certificate and key."
|
||||||
|
echo ${CLIENT_CERT} | base64 -d > client.crt
|
||||||
|
echo ${CLIENT_KEY} | base64 -d > client.key
|
||||||
|
kubectl config set-credentials ${USER} --client-certificate=client.crt --client-key=client.key
|
||||||
|
}
|
||||||
|
|
||||||
|
setContext(){
|
||||||
|
local CLUSTER=$1; shift
|
||||||
|
local USER=$1
|
||||||
|
|
||||||
|
kubectl config set-context ${CLUSTER} --cluster=${CLUSTER} --user=${USER}
|
||||||
|
kubectl config use-context ${CLUSTER}
|
||||||
|
}
|
||||||
|
|
||||||
|
pollDeploymentRollout(){
|
||||||
|
local NAMESPACE=$1; shift
|
||||||
|
local DEPLOY=$1
|
||||||
|
# wait on deployment rollout status
|
||||||
|
kubectl -n ${NAMESPACE} rollout status --watch=false --revision=0 deployment/${DEPLOY}
|
||||||
|
}
|
||||||
|
|
||||||
|
startDeployment(){
|
||||||
|
local CLUSTER=$1; shift
|
||||||
|
local NAMESPACE=$1; shift
|
||||||
|
local DEPLOYMENTS=$1; shift
|
||||||
|
local CONTAINERS=$1
|
||||||
|
|
||||||
|
for DEPLOY in ${DEPLOYMENTS[@]}; do
|
||||||
|
echo Deploying to ${CLUSTER}
|
||||||
|
for CONTAINER in ${CONTAINERS[@]}; do
|
||||||
|
kubectl -n ${NAMESPACE} set image deployment/${DEPLOY} \
|
||||||
|
${CONTAINER}="${PLUGIN_REPO}:${PLUGIN_TAG}" --record
|
||||||
|
done
|
||||||
|
#pollDeploymentRollout ${NAMESPACE} ${DEPLOY}
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
clientAuthToken(){
|
||||||
|
local CLUSTER=$1; shift
|
||||||
|
local USER=$1
|
||||||
|
|
||||||
|
echo "[INFO] Using Server token to authorize"
|
||||||
|
|
||||||
|
CLIENT_TOKEN_VAR=CLIENT_TOKEN_${CLUSTER}
|
||||||
|
CLIENT_TOKEN=${!CLIENT_TOKEN_VAR}
|
||||||
|
|
||||||
|
if [[ ! -z "${CLIENT_TOKEN}" ]]; then
|
||||||
|
setClientToken ${USER} ${CLIENT_TOKEN}
|
||||||
else
|
else
|
||||||
echo "[ERROR] Required plugin param - server_token - not provided."
|
echo "[ERROR] Required plugin secrets:"
|
||||||
|
echo " - ${CLIENT_TOKEN_VAR}"
|
||||||
|
echo "not provided."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
elif [[ "${PLUGIN_AUTH_MODE}" == "client-cert" ]]; then
|
}
|
||||||
|
|
||||||
|
clientAuthCert(){
|
||||||
|
local CLUSTER=$1; shift
|
||||||
|
local USER=$1
|
||||||
|
|
||||||
echo "[INFO] Using Client cert and Key to authorize"
|
echo "[INFO] Using Client cert and Key to authorize"
|
||||||
CLIENT_CERT_VAR=CLIENT_CERT_${CLUSTER}
|
CLIENT_CERT_VAR=CLIENT_CERT_${CLUSTER}
|
||||||
CLIENT_KEY_VAR=CLIENT_KEY_${CLUSTER}
|
CLIENT_KEY_VAR=CLIENT_KEY_${CLUSTER}
|
||||||
|
@ -55,45 +154,56 @@ if [ ! -z ${PLUGIN_CLUSTER} ]; then
|
||||||
CLIENT_KEY=${!CLIENT_KEY_VAR}
|
CLIENT_KEY=${!CLIENT_KEY_VAR}
|
||||||
|
|
||||||
if [[ ! -z "${CLIENT_CERT}" ]] && [[ ! -z "${CLIENT_KEY}" ]]; then
|
if [[ ! -z "${CLIENT_CERT}" ]] && [[ ! -z "${CLIENT_KEY}" ]]; then
|
||||||
echo "[INFO] Setting client credentials with signed-certificate and key."
|
setClientCertAndKey ${USER} ${CLIENT_CERT} ${CLIENT_KEY}
|
||||||
echo ${CLIENT_CERT} | base64 -d > client.crt
|
|
||||||
echo ${CLIENT_KEY} | base64 -d > client.key
|
|
||||||
kubectl config set-credentials ${USER} --client-certificate=client.crt --client-key=client.key
|
|
||||||
else
|
else
|
||||||
echo "[ERROR] Required plugin parameters:"
|
echo "[ERROR] Required plugin secrets:"
|
||||||
echo " - client_cert"
|
echo " - ${CLIENT_CERT_VAR}"
|
||||||
echo " - client_key"
|
echo " - ${CLIENT_KEY_VAR}"
|
||||||
echo "are not provided"
|
echo "not provided"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
clientAuth(){
|
||||||
|
local AUTH_MODE=$1; shift
|
||||||
|
local CLUSTER=$1; shift
|
||||||
|
local USER=$1
|
||||||
|
|
||||||
|
if [ ! -z ${AUTH_MODE} ]; then
|
||||||
|
if [[ "${AUTH_MODE}" == "token" ]]; then
|
||||||
|
clientAuthToken ${CLUSTER} ${USER}
|
||||||
|
elif [[ "${AUTH_MODE}" == "client-cert" ]]; then
|
||||||
|
clientAuthCert ${CLUSTER} ${USER}
|
||||||
|
else
|
||||||
|
echo "[ERROR] Required plugin param - auth_mode - Should be either:"
|
||||||
|
echo "[ token | client-cert ]"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "[ERROR] Required plugin param - auth_mode - not provided"
|
echo "[ERROR] Required plugin param - auth_mode - not provided"
|
||||||
echo "[INFO] Should be either [ token | client-cert ]"
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
}
|
||||||
|
|
||||||
|
clusterAuth(){
|
||||||
|
local SERVER_URL=$1; shift
|
||||||
|
local CLUSTER=$1; shift
|
||||||
|
local USER=$1
|
||||||
|
|
||||||
|
SERVER_CERT_VAR=SERVER_CERT_${CLUSTER}
|
||||||
|
SERVER_CERT=${!SERVER_CERT_VAR}
|
||||||
|
|
||||||
|
if [[ ! -z "${SERVER_CERT}" ]]; then
|
||||||
|
setSecureCluster ${CLUSTER} ${SERVER_URL} ${SERVER_CERT}
|
||||||
|
AUTH_MODE=${PLUGIN_AUTH_MODE}
|
||||||
|
clientAuth ${AUTH_MODE} ${CLUSTER} ${USER}
|
||||||
else
|
else
|
||||||
echo "[WARNING] Required plugin parameter: ${SERVER_CERT_VAR} not added!"
|
echo "[WARNING] Required plugin parameter: ${SERVER_CERT_VAR} not added!"
|
||||||
echo "[WARNING] Using insecure connection to cluster"
|
setInsecureCluster ${CLUSTER} ${SERVER_URL}
|
||||||
kubectl config set-cluster ${CLUSTER} --server=${SERVER_URL} --insecure-skip-tls-verify=true
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "[ERROR] Required pipeline parameter: cluster not provided"
|
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
kubectl config set-context ${CLUSTER} --cluster=${CLUSTER} --user=${USER}
|
setGlobals
|
||||||
kubectl config use-context ${CLUSTER}
|
clusterAuth ${SERVER_URL} ${CLUSTER} ${USER}
|
||||||
|
setContext ${CLUSTER} ${USER}
|
||||||
# kubectl version
|
startDeployment ${CLUSTER} ${NAMESPACE} ${DEPLOYMENTS} ${CONTAINERS}
|
||||||
IFS=',' read -r -a DEPLOYMENTS <<< "${PLUGIN_DEPLOYMENT}"
|
|
||||||
IFS=',' read -r -a CONTAINERS <<< "${PLUGIN_CONTAINER}"
|
|
||||||
for DEPLOY in ${DEPLOYMENTS[@]}; do
|
|
||||||
echo Deploying to ${CLUSTER}
|
|
||||||
for CONTAINER in ${CONTAINERS[@]}; do
|
|
||||||
kubectl -n ${NAMESPACE} set image deployment/${DEPLOY} \
|
|
||||||
${CONTAINER}="${PLUGIN_REPO}:${PLUGIN_TAG}" --record
|
|
||||||
done
|
|
||||||
# wait on deployment rollout status
|
|
||||||
# kubectl -n ${NAMESPACE} rollout status deployment/${DEPLOY}
|
|
||||||
done
|
|
||||||
|
|
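Review bot: In `clientAuthToken` the call `setClientToken ${USER} ${CLIENT_TOKEN}` names a function that nothing on this page defines (the helper added above is `setServerToken`), so under `set -e` the `token` auth mode will abort with "command not found"; call `setServerToken "${USER}" "${CLIENT_TOKEN}"` or rename the helper. The closing `startDeployment ${CLUSTER} ${NAMESPACE} ${DEPLOYMENTS} ${CONTAINERS}` expands each array to its first element only, and `local DEPLOYMENTS=$1` then holds a scalar, so every deployment or container after the first comma is silently skipped; the function could drop those two parameters and loop over the global arrays with `"${DEPLOYMENTS[@]}"` and `"${CONTAINERS[@]}"`. `clusterAuth` still fails open: when `SERVER_CERT_${CLUSTER}` is empty it calls `setInsecureCluster` (`--insecure-skip-tls-verify=true`) and never reaches `clientAuth`, so a missing CA secret yields an unverified connection instead of an error; an `exit 1` there, unless the pipeline explicitly opts in to insecure mode, would be the safer default. The credential helpers also leave `${SERVER_TOKEN}`, `${CLIENT_CERT}` and `${CLIENT_KEY}` unquoted and write `client.key` with the default umask, so quoting the expansions and setting `umask 077` before the `base64 -d` redirects is worth adding.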