forked from elastisys/compliantkubernetes-apps
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ck8s
executable file
·133 lines (126 loc) · 4.76 KB
/
ck8s
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#!/bin/bash
# This is the main entrypoint to Compliant Kubernetes.
set -e -o pipefail
here="$(dirname "$(readlink -f "$0")")"
# shellcheck source=bin/common.bash
source "${here}/common.bash"
usage() {
echo "COMMANDS:" 1>&2
echo " init [--generate-new-secrets] initialize the config path" 1>&2
echo " bootstrap <wc|sc> bootstrap the cluster" 1>&2
echo " apps <wc|sc> [--sync] [--skip-template-validate] deploy the applications" 1>&2
echo " apply <wc|sc> [--sync] [--skip-template-validate] bootstrap and apps" 1>&2
echo " test <wc|sc> test the applications" 1>&2
echo " dry-run <wc|sc> [--kubectl] runs helmfile diff" 1>&2
echo " team add-pgp <fp> add a new PGP key to secrets" 1>&2
echo " team remove-pgp <fp> remove a PGP key from secrets and rotate the data encryption key" 1>&2
# TODO: We might want to make this command less visible once we have proper
# support for OIDC logins.
echo " ops kubectl <wc|sc> run kubectl as cluster admin" 1>&2
echo " ops kubecolor <wc|sc> run kubecolor as cluster admin" 1>&2
echo " ops helm <wc|sc> run helm as cluster admin" 1>&2
# TODO: We might want to make this command less visible once we feel
# confident that the apply command and migrations are good enough
# that direct Helmfile access is not necessary.
echo " ops helmfile <wc|sc> run helmfile as cluster admin" 1>&2
echo " s3cmd [cmd] run s3cmd" 1>&2
echo " kubeconfig generate user kubeconfig, stored at CK8S_CONFIG_PATH/user"
echo " completion bash output shell completion code for bash" 1>&2
echo " validate <wc|sc> validates config files" 1>&2
echo " providers lists supported cloud providers" 1>&2
echo " flavors lists supported configuration flavors" 1>&2
exit 1
}
SYNC=""
SKIP=""
KUBECTL=""
GEN_NEW_SECRETS=""
for arg in "$@"; do
case "$arg" in
"--skip-template-validate") SKIP="--skip-template-validate" ;;
"--sync") SYNC="sync" ;;
"--kubectl") KUBECTL="kubectl" ;;
"--generate-new-secrets") GEN_NEW_SECRETS="--generate-new-secrets" ;;
esac
done
case "${1}" in
init)
"${here}/init.bash" "${GEN_NEW_SECRETS}"
;;
bootstrap)
[[ "${2}" =~ ^(wc|sc)$ ]] || usage
"${here}/bootstrap.bash" "${2}"
;;
apps)
[[ "${2}" =~ ^(wc|sc)$ ]] || usage
"${here}/apps.bash" "${2}" "${SKIP}" "${SYNC}"
;;
apply)
[[ "${2}" =~ ^(wc|sc)$ ]] || usage
"${here}/bootstrap.bash" "${2}"
"${here}/apps.bash" "${2}" "${SKIP}" "${SYNC}"
;;
test)
[[ "${2}" =~ ^(wc|sc)$ ]] || usage
"${here}/test.bash" "${2}"
;;
dry-run)
[[ "${2}" =~ ^(wc|sc)$ ]] || usage
"${here}/dry-run.bash" "${2}" "${KUBECTL}"
;;
team)
case "${2}" in
add-pgp|remove-pgp)
[ -n "${3}" ] || usage
"${here}/team.bash" "${2}" "${3}"
;;
*) usage ;;
esac
;;
ops)
case "${2}" in
kubectl)
[[ "${3}" =~ ^(wc|sc)$ ]] || usage
shift 2
"${here}/ops.bash" kubectl "${@}"
;;
kubecolor)
[[ "${3}" =~ ^(wc|sc)$ ]] || usage
shift 2
"${here}/ops.bash" kubecolor "${@}"
;;
helm)
[[ "${3}" =~ ^(wc|sc)$ ]] || usage
shift 2
"${here}/ops.bash" helm "${@}"
;;
helmfile)
[[ "${3}" =~ ^(wc|sc)$ ]] || usage
shift 2
"${here}/ops.bash" helmfile "${@}"
;;
*) usage ;;
esac
;;
s3cmd)
shift
sops_exec_file "${secrets[s3cfg_file]}" 's3cmd --config="{}" '"${*}"
;;
kubeconfig)
[[ "${2}" =~ ^(user|admin)$ ]] || usage
shift
"${here}/kubeconfig.bash" "${@}"
;;
completion)
[ -f "${here}/../completion/${2}" ] || usage
cat "${here}/../completion/${2}"
;;
validate)
[[ "${2}" =~ ^(wc|sc)$ ]] || usage
config_load "$2"
echo "Config validation successful"
;;
providers) echo "${ck8s_cloud_providers[@]}" ;;
flavors) echo "${ck8s_flavors[@]}" ;;
*) usage ;;
esac