Add secrets/configmap from file and harbor support. (#9)
* add creating k8s secret from a dir

* add creating k8s secret from a file or files in a dir

* add configmap-create-from-file

* point to dockerfile

* add harbor support

* add harbor support

* add harbor support
jgreat authored May 17, 2022
1 parent 692e9c6 commit 15aa643
Showing 3 changed files with 104 additions and 15 deletions.
7 changes: 4 additions & 3 deletions Dockerfile
@@ -1,18 +1,19 @@
# Copyright (c) 2022 MobileCoin Inc.
FROM alpine/helm:3.8.0
FROM alpine/helm:3.8.2

ENV HELM_CONFIG_HOME=/opt/helm
ENV HELM_REGISTRY_CONFIG=/opt/helm/registry.json
ENV HELM_REPOSITORY_CONFIG=/opt/helm/repositories.yaml
ENV HELM_REPOSITORY_CACHE=/opt/helm/cache/repository
ENV HELM_CACHE_HOME=/opt/helm/cache/helm
ENV HELM_CACHE_HOME=/opt/helm/cache
ENV HELM_DATA_HOME=/opt/helm/data
ENV HELM_PLUGINS=/opt/helm/plugins

RUN apk add --no-cache bash curl jq \
&& apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing kubectl \
&& mkdir -p /opt/helm/plugins \
&& helm plugin install https://github.com/hypnoglow/helm-s3.git
&& helm plugin install https://github.com/hypnoglow/helm-s3.git \
&& helm plugin install https://github.com/chartmuseum/helm-push

COPY entrypoint.sh /entrypoint.sh

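Review bot: The added `helm plugin install https://github.com/chartmuseum/helm-push` line has no `--version`, so each image build takes whatever that repository serves at the time, in an image that later handles chart-repo and cluster credentials. Pin it, e.g. `&& helm plugin install https://github.com/chartmuseum/helm-push --version <RELEASE_TAG>` (placeholder; use the release you tested), so rebuilds are reproducible and an upstream change cannot silently alter the toolbox. The helm-s3 install on the line before has the same gap and could be pinned in the same change. The Dockerfile continues past the visible lines.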
10 changes: 8 additions & 2 deletions action.yaml
@@ -27,6 +27,12 @@ inputs:
chart_repo:
description: "url for chart repo"
required: false
chart_repo_username:
description: "Username for private chart repo"
required: false
chart_repo_password:
description: "Password for private chart repo"
required: false
chart_set:
description: "new line list of --set commands"
required: false
@@ -62,7 +68,7 @@ inputs:
description: "kubernetes namespace"
required: false
object_name:
description: "k8s object to scale"
description: "k8s object to manipulate"
required: false
rancher_project:
description: "rancher project"
@@ -84,7 +90,7 @@ inputs:
description: "File to copy into toolbox"
required: false
runs:
using: 'docker'
using: docker
image: docker://mobilecoin/gha-k8s-toolbox:v1.0
args:
- ${{ inputs.command }}
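Review bot: The new `chart_repo_password` description does not say that the value is a credential or that it only takes effect together with `chart_repo_username`; the `helm-deploy` branch in entrypoint.sh adds the repo without credentials when either one is empty, which a caller would not learn from here. I would spell that out, e.g. `description: "Password for private chart repo; supply from a secret, used only when chart_repo_username is also set"`, with a matching line on the username input. The `inputs:` map starts and continues outside the visible hunks, so I cannot tell whether the other variables the new `helm-publish` and `*-create-from-file` commands read are declared.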
102 changes: 92 additions & 10 deletions entrypoint.sh
@@ -104,7 +104,7 @@ then
rancher_get_kubeconfig
is_set INPUT_NAMESPACE
is_set INPUT_INGEST_COLOR

if [ "${INPUT_INGEST_COLOR}" == "blue" ]
then
flipside="green"
@@ -180,18 +180,26 @@ then
is_set INPUT_CHART_WAIT_TIMEOUT

echo "-- Add chart repo ${INPUT_CHART_REPO}"
repo_name=$(dd bs=10 count=1 if=/dev/urandom 2>/dev/null | base64 | tr -d +/=)
echo "-- Repo random name ${repo_name}"
helm repo add "${repo_name}" "${INPUT_CHART_REPO}"

# log into chart repo with creds if provided.
if [[ -n "${INPUT_CHART_REPO_USERNAME}" ]] && [[ -n "${INPUT_CHART_REPO_PASSWORD}" ]]
then
helm repo add repo "${INPUT_CHART_REPO}" \
--username "${INPUT_CHART_REPO_USERNAME}" \
--password "${INPUT_CHART_REPO_PASSWORD}"
else
helm repo add repo "${INPUT_CHART_REPO}"
fi

helm repo update

sets=$(echo -n "${INPUT_CHART_SET}" | tr '\n' ' ')
set_options=$(echo -n "${INPUT_CHART_SET}" | tr '\n' ' ')

if [ -n "${INPUT_CHART_VALUES}" ]
then
helm_upgrade_with_values "${repo_name}" "${sets}"
helm_upgrade_with_values repo "${set_options}"
else
helm_upgrade "${repo_name}" "${sets}"
helm_upgrade repo "${sets}"
fi
;;

@@ -220,6 +228,54 @@ then
fi
;;

helm-publish)
is_set INPUT_CHART_APP_VERSION
is_set INPUT_CHART_PATH
is_set INPUT_CHART_VERSION
is_set INPUT_CHART_REPO
is_set INPUT_CHART_REPO_PASSWORD
is_set INPUT_CHART_REPO_USERNAME

if [ "${INPUT_CHART_SIGN}" == "true" ]
then
is_set INPUT_CHART_PGP_KEYRING_PATH
is_set INPUT_CHART_PGP_KEY_NAME
fi

echo "-- Create chart tmp dir - .tmp/charts"
mkdir -p ".tmp/charts"

echo "-- Updating chart dependencies"
helm dependency update "${INPUT_CHART_PATH}"

if [ "${INPUT_CHART_SIGN}" == "true" ]
then
echo "-- Package and sign chart with provided pgp key"
helm package "${INPUT_CHART_PATH}" \
-d ".tmp/charts" \
--app-version="${CHART_APP_VERSION}" \
--version="${INPUT_CHART_VERSION}" \
--sign \
--keyring="${INPUT_CHART_PGP_KEYRING_PATH}" \
--key="${INPUT_CHART_PGP_KEY}"
else
echo "-- Package unsigned chart"
helm package "${INPUT_CHART_PATH}" \
-d ".tmp/charts" \
--app-version="${INPUT_CHART_APP_VERSION}" \
--version="${INPUT_CHART_VERSION}"
fi

echo "-- Add chart repo ${INPUT_CHART_REPO}"
helm repo add repo "${INPUT_CHART_REPO}" \
--username "${INPUT_CHART_REPO_USERNAME}" \
--password "${INPUT_CHART_REPO_PASSWORD}"

echo "-- Push chart"
chart_name=$(basename "${INPUT_CHART_PATH}")
helm cm-push --force ".tmp/charts/${chart_name}-${INPUT_CHART_VERSION}.tgz" repo
;;

helm-s3-publish)
# Publish a helm chart to an S3 bucket
is_set INPUT_CHART_APP_VERSION
@@ -257,7 +313,7 @@ then
--sign \
--keyring="${INPUT_CHART_PGP_KEYRING_PATH}" \
--key="${INPUT_CHART_PGP_KEY}"
else
else
echo "-- Package unsigned chart"
helm package "${INPUT_CHART_PATH}" \
-d ".tmp/charts" \
@@ -297,7 +353,7 @@ then
# Add namespace to Default project
# Get cluster data and resource links
echo "-- Query Rancher for cluster info"
cluster=$(curl --retry 5 -sSLf -H "${auth_header}" "${INPUT_RANCHER_URL}/v3/clusters/?name=${INPUT_RANCHER_CLUSTER}")
cluster=$(curl --retry 5 -sSLf -H "${auth_header}" "${INPUT_RANCHER_URL}/v3/clusters/?name=${INPUT_RANCHER_CLUSTER}")

namespaces_url=$(echo "${cluster}" | jq -r .data[0].links.namespaces)
projects_url=$(echo "${cluster}" | jq -r .data[0].links.projects)
@@ -321,7 +377,7 @@ then
rancher_get_kubeconfig
is_set INPUT_NAMESPACE
is_set INPUT_OBJECT_NAME

replicas=$(k get -n "${INPUT_NAMESPACE}" "${INPUT_OBJECT_NAME}" -o=jsonpath='{.spec.replicas}{"\n"}')
echo "${INPUT_OBJECT_NAME} original scale: ${replicas}"

@@ -361,6 +417,32 @@ then
--from-literal=FOG_REPORT_SIGNING_CA_CERT="${INPUT_FOG_REPORT_SIGNING_CA_CERT}"
;;

secrets-create-from-file)
# Create a secret from file or all files in a directory
rancher_get_kubeconfig
is_set INPUT_NAMESPACE
is_set INPUT_SRC
is_set INPUT_OBJECT_NAME

k delete secret "${INPUT_OBJECT_NAME}" -n "${INPUT_NAMESPACE}" --now --wait --request-timeout=5m --ignore-not-found

k create secret generic "${INPUT_OBJECT_NAME}" -n "${INPUT_NAMESPACE}" \
--from-file="${INPUT_SRC}"
;;

configmap-create-from-file)
# Create a secret from file or all files in a directory
rancher_get_kubeconfig
is_set INPUT_NAMESPACE
is_set INPUT_SRC
is_set INPUT_OBJECT_NAME

k delete configmap "${INPUT_OBJECT_NAME}" -n "${INPUT_NAMESPACE}" --now --wait --request-timeout=5m --ignore-not-found

k create configmap "${INPUT_OBJECT_NAME}" -n "${INPUT_NAMESPACE}" \
--from-file="${INPUT_SRC}"
;;

toolbox-copy)
# Copy files to blue/green fog-ingest toolbox container.
rancher_get_kubeconfig
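Review bot: The signing branch of the new `helm-publish` case reads variables that its own guards never check: `is_set` covers `INPUT_CHART_APP_VERSION` and `INPUT_CHART_PGP_KEY_NAME`, but `helm package --sign` is given `--app-version="${CHART_APP_VERSION}"` and `--key="${INPUT_CHART_PGP_KEY}"`, so unless those are set elsewhere a signed publish runs with an empty app version and an unvalidated key name. Use the checked names, `--app-version="${INPUT_CHART_APP_VERSION}"` and `--key="${INPUT_CHART_PGP_KEY_NAME}"`, or change the guard to match whichever key variable the action really provides (the `helm-s3-publish` context lines use `INPUT_CHART_PGP_KEY` too). The `helm-deploy` hunk appears to have the same kind of slip: the assignment was renamed to `set_options`, yet the no-values branch still calls `helm_upgrade repo "${sets}"`, which would drop every `--set` override. Both `helm repo add` calls also put the password on the command line; `--password-stdin` fed by `printf '%s' "${INPUT_CHART_REPO_PASSWORD}" |` keeps it out of the process list and any `set -x` trace.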
