-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtretboot.yaml
282 lines (261 loc) · 8.21 KB
/
tretboot.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
apiVersion: v1
kind: Namespace
metadata:
name: tretboot
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tretboot-app
namespace: tretboot
data:
docker-entrypoint.sh: |
#!/bin/sh
echo "Install dependencies..."
apk add --no-cache git openssh helm yj jq kubectl bash > /dev/null || exit 1
helm plugin install https://github.com/databus23/helm-diff > /dev/null || exit 1
echo "Install dependencies... [DONE]"
/app/app.sh
app.sh: |
#!/bin/bash
echo "Running tretboot version $(md5sum /app/app.sh)"
export tretboot_autoupdate=https://raw.githubusercontent.com/Deltachaos/tretboot/main/tretboot.yaml
if test -f /etc/tretboot/autoupdate; then
export tretboot_autoupdate=$(cat /etc/tretboot/autoupdate)
fi
function deletepods {
echo "Remove pods"
kubectl delete pods --namespace tretboot --selector=app=tretboot --wait=false # Remove ourself
echo "Remove pods [DONE]"
}
function update {
trap - EXIT
sleep 10
if ! [ -z "$tretboot_autoupdate" ]; then
echo "Check for updates"
if ! kubectl diff -f "$tretboot_autoupdate"; then
echo "Apply updates"
kubectl apply -f "$tretboot_autoupdate"
deletepods
exit 0
fi
fi;
}
function exittrap {
trap - EXIT
echo "Cleanup..."
update
deletepods
}
trap exittrap EXIT
function helmoperation {
echo "Helm Operation:"
echo "Namespace: ${namespace}"
echo "Release: ${release}"
echo "Chart: ${chart}"
echo "Values: "
cat /tmp/${name}.json
extravalues=""
if [ -e /etc/tretboot/${release}.yaml ]; then
echo "Tretboot Values: "
cat /etc/tretboot/${release}.yaml
extravalues="-f /etc/tretboot/${release}.yaml"
fi
local helmsuccess=0
if ! helm status --namespace "${namespace}" "${release}"; then
echo "Initial install."
helm install --create-namespace --namespace "${namespace}" -f /tmp/${name}.json $extravalues "${release}" "${chart}"
helmsuccess=$?
else
if [ "${update}" -eq "1" ]; then
count=$(helm diff upgrade --namespace "${namespace}" "${release}" -f /tmp/${name}.json $extravalues "${chart}" | grep -v '^$' | wc -l)
echo "Diff lines: $count"
if [ "$count" -gt "0" ]; then
echo "Upgrade existing release."
helm upgrade --install --create-namespace --namespace "${namespace}" -f /tmp/${name}.json $extravalues "${release}" "${chart}"
helmsuccess=$?
else
echo "No changes. Skip."
fi
else
echo "Update disabled. Skip."
fi
fi
return $helmsuccess
}
test -f "/etc/tretboot/repository" || (echo "Please set git url in key repository in configmap tretboot-config" && exit 1)
export tretboot_interval=60
export tretboot_namespace=default
export tretboot_path=""
cd /etc/tretboot/ || exit 1
for var in *; do
if [ -f "$var" ]; then
export tretboot_${var}=$(cat /etc/tretboot/$var)
fi
done;
if [ -f "/etc/tretboot/hook-before-clone" ]; then
source /etc/tretboot/hook-before-clone
fi;
cd /tmp || exit 1
if [ -d /tmp/repository ]; then
echo "Clean up old directory"
rm -Rf /tmp/repository
fi
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
git clone "${tretboot_repository}" repository || exit 1
while true; do
cd "/tmp/repository" || exit 1
echo "Update repository..."
git fetch
git reset origin/$(git rev-parse --abbrev-ref HEAD) --hard
echo "Update repository... [DONE]"
echo "List contents of repository:"
ls -l /tmp/repository/
cd "/tmp/repository/${tretboot_path}" || exit 1
echo "List contents of tretboot path:"
ls -l
if [ -f "/etc/tretboot/hook-loop" ]; then
source /etc/tretboot/hook-loop
fi;
helmsuccess=0
for dir in *; do
cd "/tmp/repository/${tretboot_path}" || exit 1
echo "Check $dir"
if [ -d "$dir" ]; then
name=$(basename $dir)
echo "{}" > /tmp/${name}.json
release=${name}
update=1
echo "Check for $dir/fleet.yaml"
if [ -e "$dir/fleet.yaml" ]; then
echo "Found fleet bundle $name in $dir"
echo "Helm:"
if yj "$dir/fleet.yaml" | jq -e '.helm'; then
namespace=$(yj "$dir/fleet.yaml" | jq -e --raw-output '.defaultNamespace' || echo $tretboot_namespace)
chart=$(yj "$dir/fleet.yaml" | jq --raw-output '.helm.chart')
echo "Helm releaseName:"
if yj "$dir/fleet.yaml" | jq -e '.helm.releaseName'; then
release=$(yj "$dir/fleet.yaml" | jq --raw-output '.helm.releaseName')
fi
echo "Helm disableUpdate:"
if yj "$dir/fleet.yaml" | jq -e '.helm.disableUpdate'; then
update=$(yj "$dir/fleet.yaml" | jq --raw-output 'if .helm.disableUpdate then 0 else 1 end')
fi
echo "Helm values:"
if yj "$dir/fleet.yaml" | jq -e '.helm.values'; then
yj "$dir/fleet.yaml" | jq '.helm.values' > /tmp/${name}.json
fi
if yj "$dir/fleet.yaml" | jq -e '.helm.repo'; then
repo=$(yj "$dir/fleet.yaml" | jq --raw-output '.helm.repo')
echo "Add repository ${name} with url ${repo}";
helm repo add "${name}" "${repo}" --force-update
helm repo update
chart="${name}/${chart}"
else
echo "Chart without repository. Assume local chart";
cd "${name}"
fi
helmoperation
helmsuccess=$?
else
echo "Bundle $name has no helm entry. Unsupported."
fi
else
echo "Check for $dir/Chart.yaml"
if [ -e "$dir/Chart.yaml" ]; then
echo "Found helm chart $name in $dir"
namespace=$tretboot_namespace
chart="./${dir}"
helm dependency update "${chart}"
helmoperation
helmsuccess=$?
fi
fi
fi;
done;
if [ "$helmsuccess" -gt "0" ]; then
echo "Not all ressources applied. Sleep for 10 seconds and retry."
sleep 10
else
echo "Sleep for ${tretboot_interval} seconds"
sleep ${tretboot_interval}
update
fi
done;
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tretboot
namespace: tretboot
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tretboot
subjects:
- kind: ServiceAccount
name: tretboot
namespace: tretboot
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tretboot
namespace: tretboot
labels:
app: tretboot
spec:
replicas: 1
selector:
matchLabels:
app: tretboot
template:
metadata:
labels:
app: tretboot
spec:
serviceAccountName: tretboot
restartPolicy: Always
containers:
- name: runner
image: alpine:latest
command: ["/bin/sh"]
args:
- "/app/docker-entrypoint.sh"
volumeMounts:
- name: etc
mountPath: /etc/tretboot
readOnly: true
- name: app
mountPath: /app
readOnly: true
- name: ssh
mountPath: /root/.ssh
readOnly: true
- name: tmp
mountPath: /tmp
volumes:
- name: etc
configMap:
name: tretboot-config
- name: app
configMap:
name: tretboot-app
defaultMode: 0777
- name: ssh
secret:
secretName: tretboot-ssh
defaultMode: 0600
optional: true
items:
- key: ssh-privatekey
path: id_rsa
- key: ssh-publickey
path: id_rsa.pub
- name: tmp
emptyDir: {}