Compare commits
1 Commits
Author | SHA1 | Date | |
---|---|---|---|
57a1fe0bcb |
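--- a/.woodpecker/helmfile.yaml
+++ b/.woodpecker/helmfile.yaml
@@ -0,0 +1,40 @@
+when:
+event:
+- push
+matrix:
+include:
+- NAME: badhouseplants
+ENV: badhouseplants
+.opts: &opts
+secrets:
+- sops_age_key
+image: ghcr.io/helmfile/helmfile:latest
+backend_options:
+kubernetes:
+serviceAccountName: woodpecker-ci
+#resources:
+# requests:
+# memory: 1200Mi
+# cpu: 2
+# limits:
+# memory: 1200Mi
+# cpu: 2
+steps:
+diff:
+!!merge <<: *opts
+when:
+- branch:
+exclude:
+- main
+commands:
+- sed -i "/\b\(kubeContext\)\b/d" common/environments.yaml
+- helmfile -e "${ENV}" diff
+diff:
+!!merge <<: *opts
+when:
+- branch:
+include:
+- main
+commands:
+- sed -i "/\b\(kubeContext\)\b/d" common/environments.yaml
+- helmfile -e "${ENV}" apply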
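Review bot: Both step entries are named `diff`, although the second one runs `helmfile -e "${ENV}" apply` on `main`; if they are sibling keys under `steps:`, as the layout suggests, a YAML parser will either reject the duplicate key or keep only the last entry, so the branch-only diff step would silently disappear. Rename the second step, e.g. `apply:`. Separately, `image: ghcr.io/helmfile/helmfile:latest` is a mutable tag on a step that receives `sops_age_key` and runs under the `woodpecker-ci` service account; pinning it to a release tag or digest (`ghcr.io/helmfile/helmfile:<version>@sha256:<digest>`) keeps a changed upstream image from running with those credentials. Indentation is not visible on this page, so the nesting is inferred.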
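--- a/scripts/get_kubeconfig_from_sa.sh
+++ b/scripts/get_kubeconfig_from_sa.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+
+# you need to have kubectl on PATH with the context set to the cluster you want to create the config for
+
+# Cosmetics for the created config
+clusterName="${CLUSTER_NAME}"
+# your server address goes here get it via `kubectl cluster-info`
+server="${CLUSTER_URL}"
+# the Namespace and ServiceAccount name that is used for the config
+export namespace='pipelines'
+export serviceAccount='woodpecker-ci'
+
+# The following automation does not work from Kubernetes 1.24 and up.
+# You might need to
+# define a Secret, reference the ServiceAccount there and set the secretName by hand!
+# See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-long-lived-api-token-for-a-serviceaccount for details
+secretName=$(kubectl --namespace="$namespace" get serviceAccount "$serviceAccount" -o=jsonpath='{.secrets[0].name}')
+
+######################
+# actual script starts
+set -o errexit
+
+
+ca=$(kubectl --namespace="$namespace" get secret/"$secretName" -o=jsonpath='{.data.ca\.crt}')
+token=$(kubectl --namespace="$namespace" get secret/"$secretName" -o=jsonpath='{.data.token}' | base64 --decode)
+
+echo "
+---
+apiVersion: v1
+kind: Config
+clusters:
+- name: ${clusterName}
+cluster:
+certificate-authority-data: ${ca}
+server: ${server}
+contexts:
+- name: ${serviceAccount}@${clusterName}
+context:
+cluster: ${clusterName}
+namespace: ${namespace}
+user: ${serviceAccount}
+users:
+- name: ${serviceAccount}
+user:
+token: ${token}
+current-context: ${serviceAccount}@${clusterName}
+"
+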
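Review bot: `set -o errexit` is enabled only after the `secretName=$(kubectl … get serviceAccount …)` lookup, so a failed or empty lookup (the case the comment describes for Kubernetes 1.24 and up) is not caught where it happens, and the `kubectl … | base64 --decode` pipeline reports only base64's exit status. Move the option to the top as `set -euo pipefail`, add `: "${CLUSTER_NAME:?}" "${CLUSTER_URL:?}"`, and follow the lookup with `[[ -n "$secretName" ]] || { echo "no token secret for $serviceAccount" >&2; exit 1; }`. The generated kubeconfig embeds the decoded ServiceAccount token and is written to stdout, so the header comment should say to redirect it into a file created under `umask 077` and not to run the script where output is logged.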