Merge branch 'add-init' into 'master'

Add init See merge request !10

Merge branch 'add-init' into 'master'
Add init See merge request !10
7140f8cb · Ulf Seltmann · 492e7189 · b73bb5be · 7140f8cb · 7140f8cb
Commit 7140f8cb authored 6 years ago by Ulf Seltmann
--- a/Changelog.md
+++ b/Changelog.md
 # Changelog

+## [1.4.0] - 2019-03-13
+### Added
+* new command `init` to only initialize docker, helm and kubectl
+* `--reset` flag to remove eventually existing config-folders
+
+### Changed
+* updated helm from 2.12.3 to 2.13.0
+* script now runs as non-root user
+* removed namespace from kubectl-context and added it explicitely to helm
+
 ## [1.3.2] - 2019-02-21
 ### Changed
 * updated helm from 2.9.1 to 2.12.3
@@ -60,4 +70,5 @@
 [1.2.4]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.3...release%2F1.2.4
 [1.3.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.4...release%2F1.3.0
 [1.3.1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.3.0...release%2F1.3.1
-[1.3.2]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.3.1...release%2F1.3.2
\ No newline at end of file
+[1.3.2]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.3.1...release%2F1.3.2
+[1.4.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.3.2...release%2F1.4.0
--- a/Dockerfile
+++ b/Dockerfile
 FROM docker:latest
 COPY assets/deployer /usr/local/bin/
 WORKDIR /app
+
+ENV APP_USER=deployer
+
 RUN apk add --no-cache bash curl \
 	&& curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl >/usr/local/bin/kubectl \
-	&& curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-amd64.tar.gz | tar -zxf - -C /tmp linux-amd64/helm -O >/usr/local/bin/helm \
-	&& chmod a+x /usr/local/bin/deployer /usr/local/bin/kubectl /usr/local/bin/helm
\ No newline at end of file
+	&& curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.13.0-linux-amd64.tar.gz | tar -zxf - -C /tmp linux-amd64/helm -O >/usr/local/bin/helm \
+	&& chmod a+x /usr/local/bin/deployer /usr/local/bin/kubectl /usr/local/bin/helm \
+	&& addgroup -S ${APP_USER} \
+	&& adduser -S -h /home/${APP_USER} -G ${APP_USER} -s /bin/sh ${APP_USER}
+
+USER deployer
\ No newline at end of file
--- a/Readme.md
+++ b/Readme.md
@@ -88,11 +88,26 @@ From now on charts located in this repository can be deployed by using the `--ch

 # Advanced Configuration

+## docker init
+
+
 ## docker build

+* `--docker-config`: sets the content of the file `~/.docker/config.json` which is used by docker to authenticate to the registry. This can contain multiple registry-servers and there credentials. Which registry is used depends on the image name.
 * `--build-arg`: used to provide build-arguments do `docker build`-command. This is mainly used for `HTTP_PROXY`/`http_proxy`: When you specify `--build-arg HTTP_PROXY=...` the tool adds the build argument `--build-arg http_proxy=...` as well, so lower-case proxy-variables are provided automatically. Nevertheless can you use this option to provide your own build-arguments within the `Dockerfile`
-* `--output`: sets the filepath to the file where the built image is saved. If omitted the image is not saved to a file
+* `--output`: sets the filepath to the file where the built image is saved. If omitted the image is not saved to a file. Also the script trys to import an eventually existing file prior to building in order to make usage of its layers as build-cache.
 * `--build-context`: sets the build-context for `docker build` to a custom path. If omitted the path where the command is invoked is used.
+* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
+
+## docker init
+
+* `--docker-config`: sets the content of the file `~/.docker/config.json` which is used by docker to authenticate to the registry. This can contain multiple registry-servers and there credentials. Which registry is used depends on the image name.
+* `--cluster-url`: sets the url to the kube-apiserver. This URL is provided by the k8s-admin.
+* `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
+* `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
+* `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
+* `--service-account`: this is the name of the service-account, that is used to perform the deployment.
+* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.

 ## docker publish

@@ -100,6 +115,7 @@ From now on charts located in this repository can be deployed by using the `--ch
 * `--docker-config`: sets the content of the file `~/.docker/config.json` which is used by docker to authenticate to the registry. This can contain multiple registry-servers and there credentials. Which registry is used depends on the image name.
 * `--name`: sets the name of the image. If you do not wish to publish to [Docker-Hub], you have to specify a server, e.g. `registry.example.com/my-image`. **Be aware that you need to provide credentials in your docker-config if the registry requires authentication.
 * `--tags`: sets the tags of the image. Provide multiple `--tag`-options if you wish to tag an image with multiple tags.
+* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.

 ## docker deploy

@@ -114,6 +130,7 @@ From now on charts located in this repository can be deployed by using the `--ch
 * `--set`: overrides the values from `Values.yaml` in the helm-charts. Provide multiple `--set`-options if you want to provide multiple overrides.
 * `--set-string`: overrides the values from `Values.yaml` in the helm-charts as string. Provide multiple `--set-string`-options if you want to provide multiple overrides.
 * `--timeout`: sets the timeout for helm. defaults to `60` seconds.
+* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.

 ## docker undeploy

@@ -123,6 +140,7 @@ From now on charts located in this repository can be deployed by using the `--ch
 * `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
 * `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
 * `--name`: sets the name of the deployment.
+* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.

 ## docker add-repo

@@ -133,6 +151,7 @@ From now on charts located in this repository can be deployed by using the `--ch
 * `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
 * `--name`: sets the name of the repo to add.
 * `--repo-url`: sets the repository-url of the repo to add.
+* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.

 # Assumptions


--- a/assets/deployer
+++ b/assets/deployer
@@ -23,6 +23,7 @@ service_account=""
 repo_url=""
 build_context="."
 timeout="60"
+reset=""

 ! getopt --test > /dev/null
 if [[ ${PIPESTATUS[0]} -ne 4 ]]; then
@@ -31,7 +32,7 @@ if [[ ${PIPESTATUS[0]} -ne 4 ]]; then
 fi

 OPTIONS=
-LONGOPTS=docker-config:,tag:,build-arg:,values:,set:,set-string:,charts:,name:,token:,certificate-authority:,namespace:,cluster-url:,service-account:,output:,input:,repo-url:,build-context:,timeout:
+LONGOPTS=docker-config:,tag:,build-arg:,values:,set:,set-string:,charts:,name:,token:,certificate-authority:,namespace:,cluster-url:,service-account:,output:,input:,repo-url:,build-context:,timeout:,reset

 # -use ! and PIPESTATUS to get exit code with errexit set
 # -temporarily store output to be able to check for errors
@@ -109,6 +110,10 @@ while true; do
 			timeout="$2"
 			shift 2
 			;;
+		--reset)
+			reset="true"
+			shift
+			;;
 		--)
 			shift
 			break
@@ -147,12 +152,18 @@ prepare_kubectl() {
 		echo "Please be sure to provide a service-account via --service-account"
 	fi

-	out=`rm -rf ~/.kube`
-	if [ "$?" != "0" ];then
-		echo "failed"
-		echo "$out"
-		return 1
-	fi;
+	if [ "${reset}" == "true" ];then
+		echo -ne " (removing .kube folder because \"--reset\" was provided)"
+		out=`rm -rf ${HOME}/.kube/*`
+		if [ "$?" != "0" ];then
+			echo "failed"
+			echo "$out"
+			return 1
+		fi
+	elif [ -d "${HOME}/.kube" ];then
+		echo "folder .kube already exists. if you want to ignore it provide the \"--reset\" parameter. skipping"
+		return 0
+	fi

 	echo ""

@@ -180,7 +191,7 @@ prepare_kubectl() {
 	echo "done"

 	echo -ne "\tSetting context..."
-	out=`kubectl config set-context "${context}" --user="${account}" --cluster="${cluster_name}" --namespace="${namespace}"`
+	out=`kubectl config set-context "${context}" --user="${account}" --cluster="${cluster_name}"`
 	if [ "$?" != "0" ];then
 		echo "failed"
 		echo "$out"
@@ -199,7 +210,7 @@ prepare_kubectl() {

 	echo -ne "\tTesting context..."
 	for resource in deployment service configmap;do
-		out=`kubectl auth can-i create $resource`
+		out=`kubectl --namespace="${namespace}" auth can-i create $resource`
 		if [ "$?" != "0" ];then
 			echo "failed"
 			echo "$out"
@@ -213,6 +224,20 @@ prepare_kubectl() {

 prepare_helm() {
 	echo -ne "Preparing helm..."
+
+	if [ "${reset}" == "true" ];then
+		echo -ne " (removing .helm folder because \"--reset\" was provided) ..."
+		out=`rm -rf ${HOME}/.helm/*`
+		if [ "$?" != "0" ];then
+			echo "failed"
+			echo "$out"
+			return 1
+		fi
+	elif [ -d "${HOME}/.helm" ];then
+		echo "folder .helm already exists. if you want to ignore it provide the \"--reset\" parameter. skipping"
+		return 0
+	fi
+
 	out=`helm init --wait --tiller-namespace="${namespace}" --service-account="${service_account}" --upgrade --force-upgrade`
 	if [ "$?" != "0" ];then
 		echo "failed!"
@@ -279,7 +304,7 @@ helm_deploy() {
 	fi

 	helmargs=$(echo -e "$helmargs" | sed -E 's/(^[[:space:]]*)|([[:space:]]*$)//g')
-	cmd="helm upgrade --install --wait --timeout=${timeout} --tiller-namespace=${namespace}"
+	cmd="helm upgrade --install --wait --timeout=${timeout} --tiller-namespace=${namespace} --namespace=${namespace}"
 	cmd="$cmd --namespace=${namespace} --recreate-pods ${name} ${charts} ${helmargs}"

 	out=`$cmd 2>&1`
@@ -322,7 +347,21 @@ prepare_image_publisher() {
 		return 1
 	fi

-	rm -rf ~/.docker && mkdir -p ~/.docker && echo "${dockerconfig}" >~/.docker/config.json
+	if [ "${reset}" == "true" ];then
+		echo -ne " (removing .docker folder because \"--reset\" was provided) ..."
+		out=`rm -rf ${HOME}/.docker/*`
+		if [ "$?" != "0" ];then
+			echo "failed"
+			echo "$out"
+			return 1
+		fi
+	elif [ -d "${HOME}/.docker" ];then
+		echo "folder .docker already exists. if you want to ignore it provide the \"--reset\" parameter. skipping"
+		return 0
+	fi
+
+	mkdir -p ${HOME}/.docker && echo "${dockerconfig}" >${HOME}/.docker/config.json
+
 	if [ "$?" != "0" ];then
 		echo "failed"
 		return 1
@@ -440,8 +479,11 @@ if [[ $# -ne 1 ]]; then
 fi

 case $1 in
+	init)
+		prepare_kubectl && prepare_helm && prepare_image_publisher
+		;;
 	build)
-		import_image && build_image && save_image
+		prepare_image_publisher && import_image && build_image && save_image
 		;;
 	publish)
 		prepare_image_publisher && import_image && publish_image

--- a/docker-compose.yml
+++ b/docker-compose.yml
 version: '2'
 services:
  build:
+    build: .
+    volumes:
+    - ./:/app
+    - ./assets/deployer:/usr/local/bin/deployer
+    depends_on:
+    - docker
+    environment:
+      DOCKER_HOST: tcp://docker:2375
+    command: deployer build --output .tmp/image.tar.gz
+
+  init:
    build: .
    volumes:
      - ./:/app
@@ -9,7 +20,35 @@ services:
      - docker
    environment:
      DOCKER_HOST: tcp://docker:2375
-    command: deployer build --output .tmp/image.tar.gz
+    command: deployer init --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --docker-config "${docker_config}"
+
+  init-with-existing:
+    build: .
+    volumes:
+      - ./:/app
+      - ./assets/deployer:/usr/local/bin/deployer
+      - ./.tmp/.kube:/home/deployer/.kube
+      - ./.tmp/.docker:/home/deployer/.docker
+      - ./.tmp/.helm:/home/deployer/.helm
+    depends_on:
+      - docker
+    environment:
+      DOCKER_HOST: tcp://docker:2375
+    command: deployer init --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --docker-config "${docker_config}"
+
+  init-with-existing-and-reset:
+    build: .
+    volumes:
+      - ./:/app
+      - ./assets/deployer:/usr/local/bin/deployer
+      - ./.tmp/.kube:/home/deployer/.kube
+      - ./.tmp/.docker:/home/deployer/.docker
+      - ./.tmp/.helm:/home/deployer/.helm
+    depends_on:
+      - docker
+    environment:
+      DOCKER_HOST: tcp://docker:2375
+    command: deployer init --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --docker-config "${docker_config}" --reset

  build-no-save:
    build: .