refs platform/#2550: add template job for GCP CDN on L7 and deploy fu…

…nctions refactoring
sparkfabrik · Jan 4, 2024 · 70287b4 · 70287b4
1 parent fd8eed5
commit 70287b4
Show file tree

Hide file tree

Showing 7 changed files with 332 additions and 145 deletions.
diff --git a/scripts/deploy b/scripts/deploy
@@ -1,14 +1,19 @@
 #!/bin/bash
 SOURCE="${BASH_SOURCE[0]}"
 while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
-  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
   SOURCE="$(readlink "$SOURCE")"
   [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
-DEPLOY_ROOT_DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+DEPLOY_ROOT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
 export DEPLOY_ROOT_DIR
+
+# shellcheck disable=SC1091
 source "$DEPLOY_ROOT_DIR/src/common.bash"
 
+# shellcheck disable=SC1091
+source "$DEPLOY_ROOT_DIR/src/functions.bash"
+
 CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_URL}"
 CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_HOSTNAME/http:\/\//}"
 CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_HOSTNAME/https:\/\//}"
@@ -29,38 +34,35 @@ ensure_deploy_variables
 
 # Create standard k8s configurations.
 function init() {
-cat <<EOF | kubectl apply -f -
+  cat <<EOF | kubectl apply -f -
 kind: Namespace
 apiVersion: v1
 metadata:
   name: $KUBE_NAMESPACE
 EOF
 
-if [ "${CREATE_BASIC_AUTH}" = 1 ]; then
-  kubectl create secret generic ingress-basic-auth --from-file=/scripts/src/auth --namespace="${KUBE_NAMESPACE}" || true
-fi
+  if [ "${CREATE_BASIC_AUTH}" = 1 ]; then
+    kubectl create secret generic ingress-basic-auth --from-file=/scripts/src/auth --namespace="${KUBE_NAMESPACE}" || true
+  fi
 }
 
 # Materialize and run k8s configurations.
 function configure() {
   mkdir -p k8s
-  for conf in ${DEPLOY_CONF_DIR}/*
-  do
-    if [ -d ${conf} ]
-    then
-      continue;
+  for conf in ${DEPLOY_CONF_DIR}/*; do
+    if [ -d ${conf} ]; then
+      continue
     fi
     filename=$(basename "${conf}")
     echo "Processing ${filename}"
-    envsubst < "${conf}" > "k8s/${filename}"
-    kubectl apply -n "${KUBE_NAMESPACE}" -f - < "k8s/${filename}"
+    envsubst <"${conf}" >"k8s/${filename}"
+    kubectl apply -n "${KUBE_NAMESPACE}" -f - <"k8s/${filename}"
   done
 }
 
 # Run deploy scripts from subfolders.
 function configureSubfolders() {
-  for conf in ${DEPLOY_CONF_DIR}/*
-  do
+  for conf in ${DEPLOY_CONF_DIR}/*; do
     if [ -d ${conf} ]; then
       if [ -f ${conf}/deploy ]; then
         echo "Deploying subfolder ${conf}"
@@ -78,12 +80,11 @@ export STATUS_TIMEOUT
 function status() {
   SKIP="HorizontalPodAutoscaler"
   echo "Waiting for deployment app...."
-  for file in k8s/*
-  do
+  for file in k8s/*; do
     if [ -d $file ]; then
       continue
     fi
-    if grep -q "kind: Deployment" < "$file" && ! grep -q "$SKIP" < "$file"; then
+    if grep -q "kind: Deployment" <"$file" && ! grep -q "$SKIP" <"$file"; then
       echo "kubectl rollout status -n ${KUBE_NAMESPACE} -R -f ${file}"
       if ! timeout ${STATUS_TIMEOUT} kubectl rollout status -n "${KUBE_NAMESPACE}" -R -f "$file"; then
         echo "Deployment of ${file} is failed, exiting".

diff --git a/scripts/destroy b/scripts/destroy
@@ -2,13 +2,19 @@
 
 SOURCE="${BASH_SOURCE[0]}"
 while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
-  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
   SOURCE="$(readlink "$SOURCE")"
   [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
-export DEPLOY_ROOT_DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+DEPLOY_ROOT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+export DEPLOY_ROOT_DIR
+
+# shellcheck disable=SC1091
 source "$DEPLOY_ROOT_DIR/src/common.bash"
 
+# shellcheck disable=SC1091
+source "$DEPLOY_ROOT_DIR/src/functions.bash"
+
 create_kubeconfig
 
 echo "Removing all pods..."

diff --git a/scripts/helm-init b/scripts/helm-init
@@ -1,76 +1,19 @@
-#!/bin/bash
+#!/usr/bin/env bash
+
 SOURCE="${BASH_SOURCE[0]}"
 while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
-    DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
-    SOURCE="$(readlink "$SOURCE")"
-    [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+  DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
 DEPLOY_ROOT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
 export DEPLOY_ROOT_DIR
-source "$DEPLOY_ROOT_DIR/src/common.bash"
-
-prepare-namespace() {
-    if [ -z "${KUBE_NAMESPACE}" ]; then
-        echo "KUBE_NAMESPACE is missing."
-        exit 1
-    fi
-    echo "Current KUBE_NAMESPACE=${KUBE_NAMESPACE}"
-    kubectl create ns "$KUBE_NAMESPACE" || true
-}
 
-create-ns-and-developer-role-bindings() {
-    prepare-namespace
-    if [ -z "${CI_COMMIT_REF_SLUG}" ]; then
-        echo "CI_COMMIT_REF_SLUG is missing."
-        exit 1
-    fi
-    ALLOWED_PATTERN=${ALLOWED_PATTERN_OVERRIDE:-'^(dev|develop|(review-.*))$'}
-    if ! [[ ${CI_COMMIT_REF_SLUG} =~ $ALLOWED_PATTERN ]]; then
-        echo "Not in Dev/Review branch: not handling team access via RBAC"
-        echo "Used pattern is: ${ALLOWED_PATTERN}"
-        return 0
-    fi
-    if [ -z "${CI_PROJECT_ID}" ]; then
-        echo "CI_PROJECT_ID is missing."
-        exit 1
-    fi
-    VIEWER_RB=$(PROJECT_ROLE=viewer envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding.yaml")
-    DEVELOPER_RB=$(PROJECT_ROLE=developer envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding.yaml")
-    IFS=',' read -r -a VIEWER_U <<<${DEV_VIEWER_USERS}
-    IFS=',' read -r -a VIEWER_G <<<${DEV_VIEWER_GROUPS}
-    IFS=',' read -r -a DEVELOPER_U <<<${DEV_DEVELOPER_USERS}
-    IFS=',' read -r -a DEVELOPER_G <<<${DEV_DEVELOPER_GROUPS}
-    for SUBJECT in "${VIEWER_U[@]}"; do
-        VIEWER_RB+=$'\n'$(SUBJECT_TYPE=User SUBJECT_NAME=${SUBJECT} envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml")
-    done
-    for SUBJECT in "${VIEWER_G[@]}"; do
-        VIEWER_RB+=$'\n'$(SUBJECT_TYPE="Group" SUBJECT_NAME="${SUBJECT}" envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml")
-    done
-    for SUBJECT in "${DEVELOPER_U[@]}"; do
-        DEVELOPER_RB+=$'\n'$(SUBJECT_TYPE=User SUBJECT_NAME=${SUBJECT} envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml")
-    done
-    for SUBJECT in "${DEVELOPER_G[@]}"; do
-        DEVELOPER_RB+=$'\n'$(SUBJECT_TYPE="Group" SUBJECT_NAME="${SUBJECT}" envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml")
-    done
-    echo "$VIEWER_RB"
-    echo "$VIEWER_RB" | kubectl apply -f -
-    echo "$DEVELOPER_RB"
-    echo "$DEVELOPER_RB" | kubectl apply -f -
-}
-
-helm-init() {
-    helm repo add "stable" "https://charts.helm.sh/stable"
-    helm repo add "sparkfabrik" "${SPARKFABRIK_CHART_REPO_URL:-https://storage.googleapis.com/spark-helm-charts}"
-    helm repo update
-}
+# shellcheck disable=SC1091
+source "$DEPLOY_ROOT_DIR/src/common.bash"
 
-setup-gitlab-agent() {
-    if [ -n "${GITLAB_AGENT_PROJECT:-}" ] && [ -n "${GITLAB_AGENT_ID:-}" ] && [ "${DISABLE_GITLAB_AGENT:-0}" != "1" ]; then
-        echo "The deployment will use the GitLab Agent."
-        echo "Switching Kubernetes context to use the context provided by the GitLab Agent."
-        kubectl config use-context "${GITLAB_AGENT_PROJECT}:${GITLAB_AGENT_ID}"
-    fi
-}
+# shellcheck disable=SC1091
+source "$DEPLOY_ROOT_DIR/src/functions.bash"
 
 # Switch to the GitLab Agent context if needed.
 # This must be done before any other step to execute

diff --git a/scripts/kubectl b/scripts/kubectl
@@ -1,14 +1,19 @@
 #!/bin/bash
 SOURCE="${BASH_SOURCE[0]}"
 while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
-  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
   SOURCE="$(readlink "$SOURCE")"
   [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
-DEPLOY_ROOT_DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+DEPLOY_ROOT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
 export DEPLOY_ROOT_DIR
+
+# shellcheck disable=SC1091
 source "$DEPLOY_ROOT_DIR/src/common.bash"
 
+# shellcheck disable=SC1091
+source "$DEPLOY_ROOT_DIR/src/functions.bash"
+
 CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_URL}"
 CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_HOSTNAME/http:\/\//}"
 CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_HOSTNAME/https:\/\//}"

diff --git a/scripts/src/common.bash b/scripts/src/common.bash
@@ -1,63 +1,7 @@
+#!/usr/bin/env bash
 set -eo pipefail
 
 [[ "$TRACE" ]] && set -x
 
 export CI_CONTAINER_NAME="ci_job_build_$CI_BUILD_ID"
 export CI_REGISTRY_TAG="$CI_BUILD_REF_NAME"
-
-create_kubeconfig() {
-  echo "Generating kubeconfig..."
-  export KUBECONFIG="$(pwd)/kubeconfig"
-  export KUBE_CLUSTER_OPTIONS=
-  if [[ -n "$KUBE_CA_PEM" ]]; then
-    echo "Using KUBE_CA_PEM..."
-    echo "$KUBE_CA_PEM" > "$(pwd)/kube.ca.pem"
-    export KUBE_CLUSTER_OPTIONS=--certificate-authority="$(pwd)/kube.ca.pem"
-  fi
-  kubectl config set-cluster gitlab-deploy --server="$KUBE_URL" \
-    $KUBE_CLUSTER_OPTIONS
-  kubectl config set-credentials gitlab-deploy --token="$KUBE_TOKEN" \
-    $KUBE_CLUSTER_OPTIONS
-  kubectl config set-context gitlab-deploy \
-    --cluster=gitlab-deploy --user=gitlab-deploy \
-    --namespace="$KUBE_NAMESPACE"
-  kubectl config use-context gitlab-deploy
-  echo ""
-}
-
-ensure_deploy_variables() {
-  if [[ -z "$KUBE_URL" ]]; then
-    echo "Missing KUBE_URL."
-    exit 1
-  fi
-
-  if [[ -z "$KUBE_TOKEN" ]]; then
-    echo "Missing KUBE_TOKEN."
-    exit 1
-  fi
-
-  if [[ -z "$KUBE_NAMESPACE" ]]; then
-    echo "Missing KUBE_NAMESPACE."
-    exit 1
-  fi
-
-  if [[ -z "$CI_ENVIRONMENT_SLUG" ]]; then
-    echo "Missing CI_ENVIRONMENT_SLUG."
-    exit 1
-  fi
-
-  if [[ -z "$CI_ENVIRONMENT_URL" ]]; then
-    echo "Missing CI_ENVIRONMENT_URL."
-    exit 1
-  fi
-}
-
-ping_kube() {
-  if kubectl version > /dev/null; then
-    echo "Kubernetes is online!"
-    echo ""
-  else
-    echo "Cannot connect to Kubernetes."
-    return 1
-  fi
-}