Merge pull request #1028 from jvanzyl/main

Minimal changes to allow an alternate deployment mechanism
This commit is contained in:
Ryan Richard 2022-03-02 09:23:16 -08:00 committed by GitHub
commit 541811a7a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -51,6 +51,7 @@ clean_kind=no
api_group_suffix="pinniped.dev" # same default as in the values.yaml ytt file api_group_suffix="pinniped.dev" # same default as in the values.yaml ytt file
skip_chromedriver_check=no skip_chromedriver_check=no
get_active_directory_vars="" # specify a filename for a script to get AD related env variables get_active_directory_vars="" # specify a filename for a script to get AD related env variables
alternate_deploy="undefined"
while (("$#")); do while (("$#")); do
case "$1" in case "$1" in
@ -90,6 +91,15 @@ while (("$#")); do
get_active_directory_vars=$1 get_active_directory_vars=$1
shift shift
;; ;;
--alternate-deploy)
shift
if [[ "$#" == "0" || "$1" == -* ]]; then
log_error "--alternate-deploy requires a script path to be specified"
exit 1
fi
alternate_deploy=$1
shift
;;
-*) -*)
log_error "Unsupported flag $1" >&2 log_error "Unsupported flag $1" >&2
if [[ "$1" == *"active-directory"* ]]; then if [[ "$1" == *"active-directory"* ]]; then
@ -115,6 +125,7 @@ if [[ "$help" == "yes" ]]; then
log_note " -g, --api-group-suffix: deploy Pinniped with an alternate API group suffix" log_note " -g, --api-group-suffix: deploy Pinniped with an alternate API group suffix"
log_note " -s, --skip-build: reuse the most recently built image of the app instead of building" log_note " -s, --skip-build: reuse the most recently built image of the app instead of building"
log_note " --get-active-directory-vars: specify a script that exports active directory environment variables" log_note " --get-active-directory-vars: specify a script that exports active directory environment variables"
log_note " --alternate-deploy: specify an alternate deploy script to install Pinniped"
exit 1 exit 1
fi fi
@ -217,26 +228,32 @@ fi
log_note "Loading the app's container image into the kind cluster..." log_note "Loading the app's container image into the kind cluster..."
kind load docker-image "$registry_repo_tag" --name pinniped kind load docker-image "$registry_repo_tag" --name pinniped
manifest=/tmp/manifest.yaml
# #
# Deploy local-user-authenticator # Deploy local-user-authenticator
# #
pushd deploy/local-user-authenticator >/dev/null pushd deploy/local-user-authenticator >/dev/null
log_note "Deploying the local-user-authenticator app to the cluster..." manifest=/tmp/pinniped-local-user-authenticator.yaml
if [ "$alternate_deploy" != "undefined" ]; then
log_note "The Pinniped local-user-authenticator will be deployed with $alternate_deploy local-user-authenticator $tag..."
$alternate_deploy local-user-authenticator $tag
else
log_note "Deploying the local-user-authenticator app to the cluster using kapp..."
ytt --file . \ ytt --file . \
--data-value "image_repo=$registry_repo" \ --data-value "image_repo=$registry_repo" \
--data-value "image_tag=$tag" >"$manifest" --data-value "image_tag=$tag" >"$manifest"
kapp deploy --yes --app local-user-authenticator --diff-changes --file "$manifest" kapp deploy --yes --app local-user-authenticator --diff-changes --file "$manifest"
kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema. kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema.
fi
popd >/dev/null popd >/dev/null
# #
# Deploy Tools # Deploy Tools
# #
manifest=/tmp/pinniped-tools.yaml
dex_test_password="$(openssl rand -hex 16)" dex_test_password="$(openssl rand -hex 16)"
ldap_test_password="$(openssl rand -hex 16)" ldap_test_password="$(openssl rand -hex 16)"
pushd test/deploy/tools >/dev/null pushd test/deploy/tools >/dev/null
@ -268,26 +285,37 @@ kubectl create secret generic "$test_username" \
# #
# Deploy the Pinniped Supervisor # Deploy the Pinniped Supervisor
# #
manifest=/tmp/pinniped-supervisor.yaml
supervisor_app_name="pinniped-supervisor" supervisor_app_name="pinniped-supervisor"
supervisor_namespace="supervisor" supervisor_namespace="supervisor"
supervisor_custom_labels="{mySupervisorCustomLabelName: mySupervisorCustomLabelValue}" supervisor_custom_labels="{mySupervisorCustomLabelName: mySupervisorCustomLabelValue}"
log_level="debug"
service_http_nodeport_port="80"
service_http_nodeport_nodeport="31234"
service_https_nodeport_port="443"
service_https_nodeport_nodeport="31243"
service_https_clusterip_port="443"
pushd deploy/supervisor >/dev/null pushd deploy/supervisor >/dev/null
log_note "Deploying the Pinniped Supervisor app to the cluster..." if [ "$alternate_deploy" != "undefined" ]; then
log_note "The Pinniped Supervisor will be deployed with $alternate_deploy pinniped-supervisor $tag..."
$alternate_deploy pinniped-supervisor $tag
else
log_note "Deploying the Pinniped Supervisor app to the cluster using kapp..."
ytt --file . \ ytt --file . \
--data-value "app_name=$supervisor_app_name" \ --data-value "app_name=$supervisor_app_name" \
--data-value "namespace=$supervisor_namespace" \ --data-value "namespace=$supervisor_namespace" \
--data-value "api_group_suffix=$api_group_suffix" \ --data-value "api_group_suffix=$api_group_suffix" \
--data-value "image_repo=$registry_repo" \ --data-value "image_repo=$registry_repo" \
--data-value "image_tag=$tag" \ --data-value "image_tag=$tag" \
--data-value "log_level=debug" \ --data-value "log_level=$log_level" \
--data-value-yaml "custom_labels=$supervisor_custom_labels" \ --data-value-yaml "custom_labels=$supervisor_custom_labels" \
--data-value-yaml 'service_http_nodeport_port=80' \ --data-value-yaml "service_http_nodeport_port=$service_http_nodeport_port" \
--data-value-yaml 'service_http_nodeport_nodeport=31234' \ --data-value-yaml "service_http_nodeport_nodeport=$service_http_nodeport_nodeport" \
--data-value-yaml 'service_https_nodeport_port=443' \ --data-value-yaml "service_https_nodeport_port=$service_https_nodeport_port" \
--data-value-yaml 'service_https_nodeport_nodeport=31243' \ --data-value-yaml "service_https_nodeport_nodeport=$service_https_nodeport_nodeport" \
--data-value-yaml 'service_https_clusterip_port=443' \ --data-value-yaml "service_https_clusterip_port=$service_https_clusterip_port" \
>"$manifest" >"$manifest"
# example of how to disable the http endpoint # example of how to disable the http endpoint
# this is left enabled for now because our integration tests still rely on it # this is left enabled for now because our integration tests still rely on it
@ -295,34 +323,42 @@ ytt --file . \
kapp deploy --yes --app "$supervisor_app_name" --diff-changes --file "$manifest" kapp deploy --yes --app "$supervisor_app_name" --diff-changes --file "$manifest"
kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema. kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema.
fi
popd >/dev/null popd >/dev/null
# #
# Deploy the Pinniped Concierge # Deploy the Pinniped Concierge
# #
manifest=/tmp/pinniped-concierge.yaml
concierge_app_name="pinniped-concierge" concierge_app_name="pinniped-concierge"
concierge_namespace="concierge" concierge_namespace="concierge"
webhook_url="https://local-user-authenticator.local-user-authenticator.svc/authenticate" webhook_url="https://local-user-authenticator.local-user-authenticator.svc/authenticate"
webhook_ca_bundle="$(kubectl get secret local-user-authenticator-tls-serving-certificate --namespace local-user-authenticator -o 'jsonpath={.data.caCertificate}')" webhook_ca_bundle="$(kubectl get secret local-user-authenticator-tls-serving-certificate --namespace local-user-authenticator -o 'jsonpath={.data.caCertificate}')"
discovery_url="$(TERM=dumb kubectl cluster-info | awk '/master|control plane/ {print $NF}')" discovery_url="$(TERM=dumb kubectl cluster-info | awk '/master|control plane/ {print $NF}')"
concierge_custom_labels="{myConciergeCustomLabelName: myConciergeCustomLabelValue}" concierge_custom_labels="{myConciergeCustomLabelName: myConciergeCustomLabelValue}"
log_level="debug"
pushd deploy/concierge >/dev/null pushd deploy/concierge >/dev/null
log_note "Deploying the Pinniped Concierge app to the cluster..." if [ "$alternate_deploy" != "undefined" ]; then
log_note "The Pinniped Concierge will be deployed with $alternate_deploy pinniped-concierge $tag..."
$alternate_deploy pinniped-concierge $tag
else
log_note "Deploying the Pinniped Concierge app to the cluster using kapp..."
ytt --file . \ ytt --file . \
--data-value "app_name=$concierge_app_name" \ --data-value "app_name=$concierge_app_name" \
--data-value "namespace=$concierge_namespace" \ --data-value "namespace=$concierge_namespace" \
--data-value "api_group_suffix=$api_group_suffix" \ --data-value "api_group_suffix=$api_group_suffix" \
--data-value "log_level=debug" \ --data-value "log_level=$log_level" \
--data-value-yaml "custom_labels=$concierge_custom_labels" \ --data-value-yaml "custom_labels=$concierge_custom_labels" \
--data-value "image_repo=$registry_repo" \ --data-value "image_repo=$image_repo" \
--data-value "image_tag=$tag" \ --data-value "image_tag=$tag" \
--data-value "discovery_url=$discovery_url" >"$manifest" --data-value "discovery_url=$discovery_url" >"$manifest"
kapp deploy --yes --app "$concierge_app_name" --diff-changes --file "$manifest" kapp deploy --yes --app "$concierge_app_name" --diff-changes --file "$manifest"
kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema. kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema.
fi
popd >/dev/null popd >/dev/null