#!/bin/bash
# This is the main entrypoint to Compliant Kubernetes.
# It parses the sub-command given on the command line and hands off to the
# matching helper script that lives next to this file.

# Abort on the first failing command, including a failing stage of a pipeline.
set -e -o pipefail
# Directory holding this script, with symlinks in "$0" resolved by readlink -f,
# so the helper scripts are taken from the real install location.
here="$(dirname "$(readlink -f "$0")")"
# shellcheck source=bin/common.bash
# Sourced into this shell, so everything in common.bash runs with the caller's
# privileges. Names used below but not defined in this file (sops_exec_file,
# config_load, secrets, ck8s_cloud_providers, ck8s_flavors) presumably come
# from it; verify against common.bash.
source "${here}/common.bash"
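#######################################
# Print the list of supported sub-commands and terminate the script.
# Arguments: none
# Outputs:   the complete help text on stderr; nothing on stdout
# Returns:   does not return; exits with status 1
#######################################
usage() {
  # The help text is kept in one array and written with a single redirect so
  # every line goes to stderr. Previously the "kubeconfig" line had no
  # redirect and was written to stdout, where it could end up in captured
  # command output.
  local -a help_lines=(
    "COMMANDS:"
    " init [--generate-new-secrets] initialize the config path"
    " bootstrap <wc|sc> bootstrap the cluster"
    " apps <wc|sc> [--sync] [--skip-template-validate] deploy the applications"
    " apply <wc|sc> [--sync] [--skip-template-validate] bootstrap and apps"
    " test <wc|sc> test the applications"
    " dry-run <wc|sc> [--kubectl] runs helmfile diff"
    " team add-pgp <fp> add a new PGP key to secrets"
    " team remove-pgp <fp> remove a PGP key from secrets and rotate the data encryption key"
    # TODO: We might want to make this command less visible once we have proper
    # support for OIDC logins.
    " ops kubectl <wc|sc> run kubectl as cluster admin"
    " ops helm <wc|sc> run helm as cluster admin"
    # TODO: We might want to make this command less visible once we feel
    # confident that the apply command and migrations are good enough
    # that direct Helmfile access is not necessary.
    " ops helmfile <wc|sc> run helmfile as cluster admin"
    " s3cmd [cmd] run s3cmd"
    " kubeconfig <user|admin <wc|sc> [cluster_name]> generate user/admin kubeconfig, stored at CK8S_CONFIG_PATH/user or CK8S_CONFIG_PATH/.state"
    " completion bash output shell completion code for bash"
    " validate <wc|sc> validates config files"
    " providers lists supported cloud providers"
    " flavors lists supported configuration flavors"
  )
  printf '%s\n' "${help_lines[@]}" >&2
  exit 1
}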
# Optional flags are recognised wherever they appear on the command line.
# Each variable stays empty unless its flag is present. The flags are not
# removed from "$@", and arguments that match none of them are ignored here.
SYNC=""
SKIP=""
KUBECTL=""
GEN_NEW_SECRETS=""
for arg; do
  if [[ "$arg" == "--skip-template-validate" ]]; then
    SKIP="--skip-template-validate"
  elif [[ "$arg" == "--sync" ]]; then
    SYNC="sync"
  elif [[ "$arg" == "--kubectl" ]]; then
    KUBECTL="kubectl"
  elif [[ "$arg" == "--generate-new-secrets" ]]; then
    GEN_NEW_SECRETS="--generate-new-secrets"
  fi
done
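# Dispatch on the sub-command in $1. Every branch checks its selector before
# calling a helper, and anything unrecognised ends in usage, which exits 1.
case "${1}" in
  init)
    # GEN_NEW_SECRETS is either the flag or an empty string; it is passed
    # quoted, so init.bash always receives exactly one argument.
    "${here}/init.bash" "${GEN_NEW_SECRETS}"
    ;;
  bootstrap)
    [[ "${2}" =~ ^(wc|sc)$ ]] || usage
    "${here}/bootstrap.bash" "${2}"
    ;;
  apps)
    [[ "${2}" =~ ^(wc|sc)$ ]] || usage
    "${here}/apps.bash" "${2}" "${SKIP}" "${SYNC}"
    ;;
  apply)
    # Bootstrap first; with "set -e" active in this script a failing
    # bootstrap stops the run before the applications are deployed.
    [[ "${2}" =~ ^(wc|sc)$ ]] || usage
    "${here}/bootstrap.bash" "${2}"
    "${here}/apps.bash" "${2}" "${SKIP}" "${SYNC}"
    ;;
  test)
    [[ "${2}" =~ ^(wc|sc)$ ]] || usage
    "${here}/test.bash" "${2}"
    ;;
  dry-run)
    [[ "${2}" =~ ^(wc|sc)$ ]] || usage
    "${here}/dry-run.bash" "${2}" "${KUBECTL}"
    ;;
  team)
    case "${2}" in
      add-pgp | remove-pgp)
        # Only non-emptiness of the fingerprint is checked here; any format
        # validation would have to happen in team.bash (not shown).
        [ -n "${3}" ] || usage
        "${here}/team.bash" "${2}" "${3}"
        ;;
      *) usage ;;
    esac
    ;;
  ops)
    case "${2}" in
      kubectl | helm | helmfile)
        # The three tools share one code path. The tool name is taken from the
        # fixed list above, the cluster must be wc or sc, and the remaining
        # arguments are forwarded as separate words, so their boundaries are
        # preserved. The help text describes these as cluster-admin commands.
        [[ "${3}" =~ ^(wc|sc)$ ]] || usage
        ops_tool="${2}"
        shift 2
        "${here}/ops.bash" "${ops_tool}" "${@}"
        ;;
      *) usage ;;
    esac
    ;;
  s3cmd)
    shift
    # NOTE(review): "${*}" joins the remaining arguments into one string, so
    # the original word boundaries are lost before sops_exec_file sees them.
    # How that string is executed depends on sops_exec_file (common.bash, not
    # shown); if it is handed to a shell, arguments containing spaces or shell
    # metacharacters will be re-parsed. Confirm, and prefer passing an argument
    # vector if the helper supports one.
    sops_exec_file "${secrets[s3cfg_file]}" 's3cmd --config="{}" '"${*}"
    ;;
  kubeconfig)
    [[ "${2}" =~ ^(user|admin)$ ]] || usage
    shift
    "${here}/kubeconfig.bash" "${@}"
    ;;
  completion)
    # The shell name becomes part of a file path. Like the other selectors it
    # is now restricted: a value containing "/" is rejected so the lookup
    # cannot leave the completion directory.
    [[ "${2}" != */* ]] || usage
    [ -f "${here}/../completion/${2}" ] || usage
    cat "${here}/../completion/${2}"
    ;;
  validate)
    # Reaching the message means config_load returned success under "set -e".
    [[ "${2}" =~ ^(wc|sc)$ ]] || usage
    config_load "$2"
    echo "Config validation successful"
    ;;
  providers) echo "${ck8s_cloud_providers[@]}" ;;
  flavors) echo "${ck8s_flavors[@]}" ;;
  *) usage ;;
esac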