diff --git a/scripts/deploy b/scripts/deploy index f2a881c7..58e57fbd 100755 --- a/scripts/deploy +++ b/scripts/deploy @@ -1,14 +1,19 @@ #!/bin/bash SOURCE="${BASH_SOURCE[0]}" while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" + DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)" SOURCE="$(readlink "$SOURCE")" [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located done -DEPLOY_ROOT_DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" +DEPLOY_ROOT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)" export DEPLOY_ROOT_DIR + +# shellcheck disable=SC1091 source "$DEPLOY_ROOT_DIR/src/common.bash" +# shellcheck disable=SC1091 +source "$DEPLOY_ROOT_DIR/src/functions.bash" + CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_URL}" CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_HOSTNAME/http:\/\//}" CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_HOSTNAME/https:\/\//}" @@ -29,38 +34,35 @@ ensure_deploy_variables # Create standard k8s configurations. function init() { -cat < "k8s/${filename}" - kubectl apply -n "${KUBE_NAMESPACE}" -f - < "k8s/${filename}" + envsubst <"${conf}" >"k8s/${filename}" + kubectl apply -n "${KUBE_NAMESPACE}" -f - <"k8s/${filename}" done } # Run deploy scripts from subfolders. function configureSubfolders() { - for conf in ${DEPLOY_CONF_DIR}/* - do + for conf in ${DEPLOY_CONF_DIR}/*; do if [ -d ${conf} ]; then if [ -f ${conf}/deploy ]; then echo "Deploying subfolder ${conf}" 
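Review bot: The loop in `configureSubfolders` still expands `${DEPLOY_CONF_DIR}/*`, `[ -d ${conf} ]` and `[ -f ${conf}/deploy ]` unquoted, so a configuration path containing spaces or glob characters is word-split or re-globbed before the tests run. This commit appears to be a formatting and ShellCheck pass, so it is a good place to quote them: `for conf in "${DEPLOY_CONF_DIR}"/*; do` and `if [ -d "${conf}" ]; then`. The same applies in the `status()` hunk of this file to `[ -d $file ]` and `timeout ${STATUS_TIMEOUT}`. Both function bodies continue outside their hunks.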
@@ -78,12 +80,11 @@ export STATUS_TIMEOUT function status() { SKIP="HorizontalPodAutoscaler" echo "Waiting for deployment app...." - for file in k8s/* - do + for file in k8s/*; do if [ -d $file ]; then continue fi - if grep -q "kind: Deployment" < "$file" && ! grep -q "$SKIP" < "$file"; then + if grep -q "kind: Deployment" <"$file" && ! grep -q "$SKIP" <"$file"; then echo "kubectl rollout status -n ${KUBE_NAMESPACE} -R -f ${file}" if ! timeout ${STATUS_TIMEOUT} kubectl rollout status -n "${KUBE_NAMESPACE}" -R -f "$file"; then echo "Deployment of ${file} is failed, exiting". diff --git a/scripts/destroy b/scripts/destroy index ef362265..466b9585 100755 --- a/scripts/destroy +++ b/scripts/destroy @@ -2,13 +2,19 @@ SOURCE="${BASH_SOURCE[0]}" while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" + DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)" SOURCE="$(readlink "$SOURCE")" [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located done -export DEPLOY_ROOT_DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" +DEPLOY_ROOT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)" +export DEPLOY_ROOT_DIR + +# shellcheck disable=SC1091 source "$DEPLOY_ROOT_DIR/src/common.bash" +# shellcheck disable=SC1091 +source "$DEPLOY_ROOT_DIR/src/functions.bash" + create_kubeconfig echo "Removing all pods..." diff --git a/scripts/helm-init b/scripts/helm-init index 3fc15668..4aa31db3 100644 --- a/scripts/helm-init +++ b/scripts/helm-init 
@@ -1,76 +1,19 @@ -#!/bin/bash +#!/usr/bin/env bash + SOURCE="${BASH_SOURCE[0]}" while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located + DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)" + SOURCE="$(readlink "$SOURCE")" + [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located done DEPLOY_ROOT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)" export DEPLOY_ROOT_DIR -source "$DEPLOY_ROOT_DIR/src/common.bash" - -prepare-namespace() { - if [ -z "${KUBE_NAMESPACE}" ]; then - echo "KUBE_NAMESPACE is missing." - exit 1 - fi - echo "Current KUBE_NAMESPACE=${KUBE_NAMESPACE}" - kubectl create ns "$KUBE_NAMESPACE" || true -} -create-ns-and-developer-role-bindings() { - prepare-namespace - if [ -z "${CI_COMMIT_REF_SLUG}" ]; then - echo "CI_COMMIT_REF_SLUG is missing." - exit 1 - fi - ALLOWED_PATTERN=${ALLOWED_PATTERN_OVERRIDE:-'^(dev|develop|(review-.*))$'} - if ! [[ ${CI_COMMIT_REF_SLUG} =~ $ALLOWED_PATTERN ]]; then - echo "Not in Dev/Review branch: not handling team access via RBAC" - echo "Used pattern is: ${ALLOWED_PATTERN}" - return 0 - fi - if [ -z "${CI_PROJECT_ID}" ]; then - echo "CI_PROJECT_ID is missing." 
- exit 1 - fi - VIEWER_RB=$(PROJECT_ROLE=viewer envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding.yaml") - DEVELOPER_RB=$(PROJECT_ROLE=developer envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding.yaml") - IFS=',' read -r -a VIEWER_U <<<${DEV_VIEWER_USERS} - IFS=',' read -r -a VIEWER_G <<<${DEV_VIEWER_GROUPS} - IFS=',' read -r -a DEVELOPER_U <<<${DEV_DEVELOPER_USERS} - IFS=',' read -r -a DEVELOPER_G <<<${DEV_DEVELOPER_GROUPS} - for SUBJECT in "${VIEWER_U[@]}"; do - VIEWER_RB+=$'\n'$(SUBJECT_TYPE=User SUBJECT_NAME=${SUBJECT} envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml") - done - for SUBJECT in "${VIEWER_G[@]}"; do - VIEWER_RB+=$'\n'$(SUBJECT_TYPE="Group" SUBJECT_NAME="${SUBJECT}" envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml") - done - for SUBJECT in "${DEVELOPER_U[@]}"; do - DEVELOPER_RB+=$'\n'$(SUBJECT_TYPE=User SUBJECT_NAME=${SUBJECT} envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml") - done - for SUBJECT in "${DEVELOPER_G[@]}"; do - DEVELOPER_RB+=$'\n'$(SUBJECT_TYPE="Group" SUBJECT_NAME="${SUBJECT}" envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml") - done - echo "$VIEWER_RB" - echo "$VIEWER_RB" | kubectl apply -f - - echo "$DEVELOPER_RB" - echo "$DEVELOPER_RB" | kubectl apply -f - -} - -helm-init() { - helm repo add "stable" "https://charts.helm.sh/stable" - helm repo add "sparkfabrik" "${SPARKFABRIK_CHART_REPO_URL:-https://storage.googleapis.com/spark-helm-charts}" - helm repo update -} +# shellcheck disable=SC1091 +source "$DEPLOY_ROOT_DIR/src/common.bash" -setup-gitlab-agent() { - if [ -n "${GITLAB_AGENT_PROJECT:-}" ] && [ -n "${GITLAB_AGENT_ID:-}" ] && [ "${DISABLE_GITLAB_AGENT:-0}" != "1" ]; then - echo "The deployment will use the GitLab Agent." - echo "Switching Kubernetes context to use the context provided by the GitLab Agent." 
- kubectl config use-context "${GITLAB_AGENT_PROJECT}:${GITLAB_AGENT_ID}" - fi -} +# shellcheck disable=SC1091 +source "$DEPLOY_ROOT_DIR/src/functions.bash" # Switch to the GitLab Agent context if needed. # This must be done before any other step to execute diff --git a/scripts/kubectl b/scripts/kubectl index dfb918c1..d096475b 100644 --- a/scripts/kubectl +++ b/scripts/kubectl @@ -1,14 +1,19 @@ #!/bin/bash SOURCE="${BASH_SOURCE[0]}" while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" + DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)" SOURCE="$(readlink "$SOURCE")" [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located done -DEPLOY_ROOT_DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" +DEPLOY_ROOT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)" export DEPLOY_ROOT_DIR + +# shellcheck disable=SC1091 source "$DEPLOY_ROOT_DIR/src/common.bash" +# shellcheck disable=SC1091 +source "$DEPLOY_ROOT_DIR/src/functions.bash" + CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_URL}" CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_HOSTNAME/http:\/\//}" CI_ENVIRONMENT_HOSTNAME="${CI_ENVIRONMENT_HOSTNAME/https:\/\//}" diff --git a/scripts/src/common.bash b/scripts/src/common.bash index f1a23dac..66d41c5b 100755 --- a/scripts/src/common.bash +++ b/scripts/src/common.bash 
@@ -1,63 +1,7 @@ +#!/usr/bin/env bash set -eo pipefail [[ "$TRACE" ]] && set -x export CI_CONTAINER_NAME="ci_job_build_$CI_BUILD_ID" export CI_REGISTRY_TAG="$CI_BUILD_REF_NAME" - -create_kubeconfig() { - echo "Generating kubeconfig..." - export KUBECONFIG="$(pwd)/kubeconfig" - export KUBE_CLUSTER_OPTIONS= - if [[ -n "$KUBE_CA_PEM" ]]; then - echo "Using KUBE_CA_PEM..." - echo "$KUBE_CA_PEM" > "$(pwd)/kube.ca.pem" - export KUBE_CLUSTER_OPTIONS=--certificate-authority="$(pwd)/kube.ca.pem" - fi - kubectl config set-cluster gitlab-deploy --server="$KUBE_URL" \ - $KUBE_CLUSTER_OPTIONS - kubectl config set-credentials gitlab-deploy --token="$KUBE_TOKEN" \ - $KUBE_CLUSTER_OPTIONS - kubectl config set-context gitlab-deploy \ - --cluster=gitlab-deploy --user=gitlab-deploy \ - --namespace="$KUBE_NAMESPACE" - kubectl config use-context gitlab-deploy - echo "" -} - -ensure_deploy_variables() { - if [[ -z "$KUBE_URL" ]]; then - echo "Missing KUBE_URL." - exit 1 - fi - - if [[ -z "$KUBE_TOKEN" ]]; then - echo "Missing KUBE_TOKEN." - exit 1 - fi - - if [[ -z "$KUBE_NAMESPACE" ]]; then - echo "Missing KUBE_NAMESPACE." - exit 1 - fi - - if [[ -z "$CI_ENVIRONMENT_SLUG" ]]; then - echo "Missing CI_ENVIRONMENT_SLUG." - exit 1 - fi - - if [[ -z "$CI_ENVIRONMENT_URL" ]]; then - echo "Missing CI_ENVIRONMENT_URL." - exit 1 - fi -} - -ping_kube() { - if kubectl version > /dev/null; then - echo "Kubernetes is online!" - echo "" - else - echo "Cannot connect to Kubernetes." - return 1 - fi -} diff --git a/scripts/src/functions.bash b/scripts/src/functions.bash new file mode 100644 index 00000000..bad84b5e --- /dev/null +++ b/scripts/src/functions.bash 
@@ -0,0 +1,128 @@ +#!/usr/bin/env bash + +# This file contains only functions. +# Nothing should be executed nor defined here. +# Including this file in a script will make all functions available +# but will not change the environment. + +create_kubeconfig() { + echo "Generating kubeconfig..." + KUBECONFIG="$(pwd)/kubeconfig" + export KUBECONFIG + export KUBE_CLUSTER_OPTIONS= + if [[ -n "$KUBE_CA_PEM" ]]; then + echo "Using KUBE_CA_PEM..." + echo "$KUBE_CA_PEM" >"$(pwd)/kube.ca.pem" + KUBE_CLUSTER_OPTIONS=--certificate-authority="$(pwd)/kube.ca.pem" + export KUBE_CLUSTER_OPTIONS + fi + kubectl config set-cluster gitlab-deploy --server="$KUBE_URL" \ + "$KUBE_CLUSTER_OPTIONS" + kubectl config set-credentials gitlab-deploy --token="$KUBE_TOKEN" \ + "$KUBE_CLUSTER_OPTIONS" + kubectl config set-context gitlab-deploy \ + --cluster=gitlab-deploy --user=gitlab-deploy \ + --namespace="$KUBE_NAMESPACE" + kubectl config use-context gitlab-deploy + echo "" +} + +ensure_deploy_variables() { + if [[ -z "$KUBE_URL" ]]; then + echo "Missing KUBE_URL." + exit 1 + fi + + if [[ -z "$KUBE_TOKEN" ]]; then + echo "Missing KUBE_TOKEN." + exit 1 + fi + + if [[ -z "$KUBE_NAMESPACE" ]]; then + echo "Missing KUBE_NAMESPACE." + exit 1 + fi + + if [[ -z "$CI_ENVIRONMENT_SLUG" ]]; then + echo "Missing CI_ENVIRONMENT_SLUG." + exit 1 + fi + + if [[ -z "$CI_ENVIRONMENT_URL" ]]; then + echo "Missing CI_ENVIRONMENT_URL." + exit 1 + fi +} + +ping_kube() { + if kubectl version >/dev/null; then + echo "Kubernetes is online!" + echo "" + else + echo "Cannot connect to Kubernetes." + return 1 + fi +} + +prepare-namespace() { + if [ -z "${KUBE_NAMESPACE}" ]; then + echo "KUBE_NAMESPACE is missing." + exit 1 + fi + echo "Current KUBE_NAMESPACE=${KUBE_NAMESPACE}" + kubectl create ns "$KUBE_NAMESPACE" || true +} + +create-ns-and-developer-role-bindings() { + prepare-namespace + if [ -z "${CI_COMMIT_REF_SLUG}" ]; then + echo "CI_COMMIT_REF_SLUG is missing." 
+ exit 1 + fi + ALLOWED_PATTERN=${ALLOWED_PATTERN_OVERRIDE:-'^(dev|develop|(review-.*))$'} + if ! [[ ${CI_COMMIT_REF_SLUG} =~ $ALLOWED_PATTERN ]]; then + echo "Not in Dev/Review branch: not handling team access via RBAC" + echo "Used pattern is: ${ALLOWED_PATTERN}" + return 0 + fi + if [ -z "${CI_PROJECT_ID}" ]; then + echo "CI_PROJECT_ID is missing." + exit 1 + fi + VIEWER_RB=$(PROJECT_ROLE=viewer envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding.yaml") + DEVELOPER_RB=$(PROJECT_ROLE=developer envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding.yaml") + IFS=',' read -r -a VIEWER_U <<<"${DEV_VIEWER_USERS}" + IFS=',' read -r -a VIEWER_G <<<"${DEV_VIEWER_GROUPS}" + IFS=',' read -r -a DEVELOPER_U <<<"${DEV_DEVELOPER_USERS}" + IFS=',' read -r -a DEVELOPER_G <<<"${DEV_DEVELOPER_GROUPS}" + for SUBJECT in "${VIEWER_U[@]}"; do + VIEWER_RB+=$'\n'$(SUBJECT_TYPE=User SUBJECT_NAME=${SUBJECT} envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml") + done + for SUBJECT in "${VIEWER_G[@]}"; do + VIEWER_RB+=$'\n'$(SUBJECT_TYPE="Group" SUBJECT_NAME="${SUBJECT}" envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml") + done + for SUBJECT in "${DEVELOPER_U[@]}"; do + DEVELOPER_RB+=$'\n'$(SUBJECT_TYPE=User SUBJECT_NAME=${SUBJECT} envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml") + done + for SUBJECT in "${DEVELOPER_G[@]}"; do + DEVELOPER_RB+=$'\n'$(SUBJECT_TYPE="Group" SUBJECT_NAME="${SUBJECT}" envsubst <"$DEPLOY_ROOT_DIR/templates/rbac/rolebinding-subject.yaml") + done + echo "$VIEWER_RB" + echo "$VIEWER_RB" | kubectl apply -f - + echo "$DEVELOPER_RB" + echo "$DEVELOPER_RB" | kubectl apply -f - +} + +helm-init() { + helm repo add "stable" "https://charts.helm.sh/stable" + helm repo add "sparkfabrik" "${SPARKFABRIK_CHART_REPO_URL:-https://storage.googleapis.com/spark-helm-charts}" + helm repo update +} + +setup-gitlab-agent() { + if [ -n "${GITLAB_AGENT_PROJECT:-}" ] && [ -n "${GITLAB_AGENT_ID:-}" ] && [ 
"${DISABLE_GITLAB_AGENT:-0}" != "1" ]; then + echo "The deployment will use the GitLab Agent." + echo "Switching Kubernetes context to use the context provided by the GitLab Agent." + kubectl config use-context "${GITLAB_AGENT_PROJECT}:${GITLAB_AGENT_ID}" + fi +} diff --git a/templates/jobs/gcloud-load-balancer-l7-cdn-setup.yml b/templates/jobs/gcloud-load-balancer-l7-cdn-setup.yml new file mode 100644 index 00000000..02f60c33 --- /dev/null +++ b/templates/jobs/gcloud-load-balancer-l7-cdn-setup.yml 
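Review bot: In `create_kubeconfig`, quoting `"$KUBE_CLUSTER_OPTIONS"` changes behaviour when `KUBE_CA_PEM` is unset: the variable is empty, so `kubectl config set-cluster` and `kubectl config set-credentials` each receive an extra empty positional argument, which kubectl is likely to reject as an unexpected argument. Expanding it only when it is set keeps the quoting without the empty word: `${KUBE_CLUSTER_OPTIONS:+"$KUBE_CLUSTER_OPTIONS"}` on both calls. Separately, `--token="$KUBE_TOKEN"` puts the credential on the command line, and `common.bash` enables `set -x` when `TRACE` is set, so a traced job would print the token to the job log. Consider wrapping that call in `set +x` or masking the variable in CI. The file header comment says sourcing will not change the environment, which holds only until `create_kubeconfig` is called, since it exports `KUBECONFIG` and `KUBE_CLUSTER_OPTIONS`.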
@@ -0,0 +1,160 @@ +############################################ +# CONFIGURE CDN USING GCP L7 LOAD BALANCER # +############################################ +# We cannot use the BackendConfig to set the CDN configuration, since it does not +# support the includeNamedCookie option. So we must switch to use the gcloud +# command, at least until this issue https://github.com/kubernetes/ingress-gce/issues/1766 +# is fixed. +# The gcloud command reference is available here: +# https://cloud.google.com/sdk/gcloud/reference/compute/backend-services/update +# +# Configuration refs https://cloud.google.com/sdk/gcloud/reference/compute/backend-services/update: +# +# CLOUDSDK_CORE_PROJECT: specifies the project ID of the project that contains the +# backend service we want to update. +# COOKIE_NAMES_LIST: specifies a comma-separated list of HTTP cookie names to include +# in cache keys. The name=value pair are used in the cache key Cloud +# CDN generates. Cookies are not included in cache keys by default. +# This is optional since it may be empty. +# CACHE_MODE: Specifies the cache setting for all responses from this backend. +# CACHE_MODE must be one of: CACHE_ALL_STATIC, FORCE_CACHE_ALL or +# USE_ORIGIN_HEADERS. + +.gcloud-load-balancer-l7-cdn-variables: + variables: + ################# + # GCP Variables # + ################# + # The GCP project id. + # CLOUDSDK_CORE_PROJECT: + # The cache setting for all responses from this backend (default=USE_ORIGIN_HEADERS). + CACHE_MODE: USE_ORIGIN_HEADERS + # A comma-separated list of HTTP cookie names to include in cache keys. + # COOKIE_NAMES_LIST: + # The name of the backend service to update. + # If not specified, the right backend service will be determined from the service annotations using the NEG status annotation of the `${SERVICE_NAME}` service in the `${KUBE_NAMESPACE}` namespace. 
+ # BACKEND_SERVICE: + + ######################## + # Kubernetes Variables # + ######################## + # The namespace where the service is deployed. This variable is not used if the BACKEND_SERVICE variable is specified. + # KUBE_NAMESPACE: + # The name of the service to update. This variable is not used if the BACKEND_SERVICE variable is specified. + # SERVICE_NAME: + + ##################################### + # gcloud command additional options # + ##################################### + # Enable including query string in cache key (default=true). + INCLUDE_QUERY_STRING: true + # Enable including protocol in cache key (default=true). + INCLUDE_PROTOCOL: true + # Enable including host in cache key (default=true). + INCLUDE_HOST: true + # Enable the cache status response header (default=true). + ENABLE_CACHE_STATUS_RESPONSE_HEADER: true + # Define the custom raw options to pass to the gcloud command. + GCLOUD_RAW_OPTIONS: + +.gcloud-load-balancer-l7-cdn-print-vars: + script: + - | + PAD_LEN=${PAD_LEN:-40} + printf "\e[1mConfigured variables:\e[0m\n" + for VAR_NAME in "CLOUDSDK_CORE_PROJECT" "CACHE_MODE" "COOKIE_NAMES_LIST" "BACKEND_SERVICE" \ + "KUBE_NAMESPACE" "SERVICE_NAME" \ + "INCLUDE_QUERY_STRING" "INCLUDE_PROTOCOL" "INCLUDE_HOST" "ENABLE_CACHE_STATUS_RESPONSE_HEADER" "GCLOUD_RAW_OPTIONS"; do + printf "%-${PAD_LEN}s \e[1m%s\e[0m\n" "${VAR_NAME}" "${!VAR_NAME}" + done + # Please remember to keep the following `gcloud compute backend-services update` command in sync + # with the one in the `.gcloud-load-balancer-l7-cdn-setup` job. 
+ - | + printf "\e[1mThe final 'gcloud compute backend-services update' command will be:\e[0m\n" + echo "gcloud compute backend-services update "${BACKEND_SERVICE}" --global --cache-mode=${CACHE_MODE} --cache-key-include-named-cookie=\"${COOKIE_NAMES_LIST:-}\" ${INCLUDE_QUERY_STRING_OPT} ${INCLUDE_PROTOCOL_OPT} ${INCLUDE_HOST_OPT} ${ENABLE_CACHE_STATUS_RESPONSE_HEADER_OPT} ${GCLOUD_RAW_OPTIONS:-}" + +.gcloud-load-balancer-l7-cdn-preflight: + extends: + - .gcloud-load-balancer-l7-cdn-variables + script: + - | + if [ -z "${CLOUDSDK_CORE_PROJECT}" ]; then + echo -e "\e[1m\e[31mYou have to define the CLOUDSDK_CORE_PROJECT variable.\e[0m" + exit 1 + fi + - | + if [ -z "${CACHE_MODE}" ]; then + echo -e "\e[1m\e[31mYou have to define the CACHE_MODE variable.\e[0m" + exit 1 + fi + - | + source /scripts/src/functions.bash + setup-gitlab-agent + - | + if [ -z "${BACKEND_SERVICE}" ]; then + if [ -z "${KUBE_NAMESPACE}" ]; then + echo -e "\e[1m\e[31mYou have to define the KUBE_NAMESPACE variable.\e[0m" + exit 1 + fi + if [ -z "${SERVICE_NAME}" ]; then + echo -e "\e[1m\e[31mYou have to define the SERVICE_NAME variable.\e[0m" + exit 1 + fi + + BACKEND_SERVICE=$(kubectl -n "${KUBE_NAMESPACE}" get service "${SERVICE_NAME}" -ojsonpath={.metadata.annotations.cloud\\.google\\.com/neg-status} | jq --raw-output '.network_endpoint_groups."80"') + export BACKEND_SERVICE + + echo "This job has calculated the backend service name from the service annotations." + echo "The namespace is ${KUBE_NAMESPACE}." + echo "The service name is ${SERVICE_NAME}." + echo "The retrieved backend service name is ${BACKEND_SERVICE}." + fi + - | + if [ -z "${BACKEND_SERVICE}" ]; then + echo -e "\e[1m\e[31mIt seems that the backend service is not configured correctly or perhaps the configuration has not yet propagated. BACKEND_SERVICE variable is empty.\e[0m" + exit 1 + fi + - | + echo "Calculating the INCLUDE_QUERY_STRING_OPT ..." 
+ INCLUDE_QUERY_STRING_OPT="" + if [ "${INCLUDE_QUERY_STRING}" == "true" ]; then + INCLUDE_QUERY_STRING_OPT="--cache-key-include-query-string" + fi + export INCLUDE_QUERY_STRING_OPT + + echo "Calculating the INCLUDE_PROTOCOL_OPT ..." + INCLUDE_PROTOCOL_OPT="" + if [ "${INCLUDE_PROTOCOL}" == "true" ]; then + INCLUDE_PROTOCOL_OPT="--cache-key-include-protocol" + fi + export INCLUDE_PROTOCOL_OPT + + echo "Calculating the INCLUDE_HOST_OPT ..." + INCLUDE_HOST_OPT="" + if [ "${INCLUDE_HOST}" == "true" ]; then + INCLUDE_HOST_OPT="--cache-key-include-host" + fi + export INCLUDE_HOST_OPT + + echo "Calculating the ENABLE_CACHE_STATUS_RESPONSE_HEADER_OPT ..." + ENABLE_CACHE_STATUS_RESPONSE_HEADER_OPT="" + if [ "${ENABLE_CACHE_STATUS_RESPONSE_HEADER}" == "true" ]; then + ENABLE_CACHE_STATUS_RESPONSE_HEADER_OPT="--custom-response-header 'X-CDN-cache-status:{cdn_cache_status}'" + fi + - + +.gcloud-load-balancer-l7-cdn-setup: + extends: + - .gcloud-load-balancer-l7-cdn-variables + script: + - !reference [.gcloud-load-balancer-l7-cdn-setup-preflight, script] + # Please remember to keep the following `gcloud compute backend-services update` command in sync + # with the one in the `.gcloud-load-balancer-l7-cdn-print-vars` job. + - gcloud compute backend-services update "${BACKEND_SERVICE}" --global + --cache-mode=${CACHE_MODE} + --cache-key-include-named-cookie="${COOKIE_NAMES_LIST:-}" + ${INCLUDE_QUERY_STRING_OPT} + ${INCLUDE_PROTOCOL_OPT} + ${INCLUDE_HOST_OPT} + ${ENABLE_CACHE_STATUS_RESPONSE_HEADER_OPT} + ${GCLOUD_RAW_OPTIONS:-}
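Review bot: The `!reference [.gcloud-load-balancer-l7-cdn-setup-preflight, script]` entry in `.gcloud-load-balancer-l7-cdn-setup` names a job that this file does not define. The preflight job added above is `.gcloud-load-balancer-l7-cdn-preflight`, so the entry should read `- !reference [.gcloud-load-balancer-l7-cdn-preflight, script]`. In the preflight, `jq --raw-output '.network_endpoint_groups."80"'` prints the string `null` when the NEG annotation has no port-80 entry; that passes the later `-z "${BACKEND_SERVICE}"` check and would run the update against a backend named `null`. Using `jq --raw-output '.network_endpoint_groups."80" // empty'` keeps the emptiness check meaningful. `ENABLE_CACHE_STATUS_RESPONSE_HEADER_OPT` embeds literal single quotes that survive the unquoted expansion in the gcloud call and so reach gcloud as part of the header value, and the preflight script ends with an empty `-` item that should be dropped.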