k8s-bootstrap.yaml
3.94 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
---
apiVersion: v1
kind: ConfigMap
metadata:
name: k8s-bootstrap-config
namespace: kube-system
data:
HOME: /tmp/cluster-home
SSH_CONFIG: |
StrictHostKeyChecking no
LogLevel VERBOSE
---
apiVersion: v1
kind: ConfigMap
metadata:
name: k8s-bootstrap-scripts
namespace: kube-system
data:
clone-start-of-day: |
#!/bin/sh
set -ex
# FIXME: don't hard-code this.
rm -rf /tmp/git-storage/k8s-start-of-day
git clone git@gitlab.brainfood.com:brainfood/k8s-start-of-day.git /tmp/git-storage/k8s-start-of-day
cd /tmp/git-storage/k8s-start-of-day
if [ -e helmfile.yaml ]; then
echo helmfile > /tmp/git-storage/repo-type
elif [ -e kustomization.yaml ]; then
echo kustomize > /tmp/git-storage/repo-type
else
echo unknown > /tmp/git-storage/repo-type
fi
check-mode: |
#!/bin/sh
set -ex
if [ $(cat /tmp/git-storage/repo-type) = $1 ]; then
shift
"$@"
fi
---
apiVersion: batch/v1
kind: Job
metadata:
name: k8s-bootstrap
namespace: kube-system
spec:
template:
spec:
restartPolicy: OnFailure
securityContext:
runAsUser: 1234
runAsGroup: 1234
fsGroup: 1234
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
volumes:
- name: k8s-bootstrap-ssh-config
configMap:
name: k8s-bootstrap-config
defaultMode: 0600
items:
- key: SSH_CONFIG
path: config
- name: k8s-bootstrap-ssh-auth
secret:
secretName: cluster-ssh
defaultMode: 0600
items:
- key: ssh-private-key
path: id_rsa
- name: k8s-bootstrap-scripts
configMap:
name: k8s-bootstrap-scripts
defaultMode: 0755
- name: cluster-home
emptyDir: {}
- name: cluster-ssh
emptyDir: {}
- name: git-storage
emptyDir: {}
initContainers:
- name: clone-k8s-start-of-day
image: bitnami/git
envFrom:
- configMapRef:
name: k8s-bootstrap-config
volumeMounts:
- name: k8s-bootstrap-scripts
mountPath: /tmp/k8s-bootstrap-scripts
- name: cluster-home
mountPath: /tmp/cluster-home
- name: cluster-ssh
mountPath: /tmp/cluster-home/.ssh
- name: k8s-bootstrap-ssh-auth
mountPath: /tmp/cluster-home/.ssh/id_rsa
subPath: id_rsa
- name: k8s-bootstrap-ssh-config
mountPath: /tmp/cluster-home/.ssh/config
subPath: config
- name: git-storage
mountPath: /tmp/git-storage
command: ["/tmp/k8s-bootstrap-scripts/clone-start-of-day"]
- name: try-helmfile
image: quay.io/roboll/helmfile:v0.143.5
workingDir: /tmp/git-storage/k8s-start-of-day
command: ["/tmp/k8s-bootstrap-scripts/check-mode", "helmfile", "/usr/local/bin/helmfile"]
args: ["apply"]
envFrom:
- configMapRef:
name: k8s-bootstrap-config
volumeMounts:
- name: git-storage
mountPath: /tmp/git-storage
- name: k8s-bootstrap-scripts
mountPath: /tmp/k8s-bootstrap-scripts
- name: cluster-home
mountPath: /tmp/cluster-home
- name: cluster-ssh
mountPath: /tmp/cluster-home/.ssh
- name: k8s-bootstrap-ssh-auth
mountPath: /tmp/cluster-home/.ssh/id_rsa
subPath: id_rsa
- name: k8s-bootstrap-ssh-config
mountPath: /tmp/cluster-home/.ssh/config
subPath: config
containers:
- name: show-status
image: bash
command: ["bash", "-exc", "ls -Ral /tmp"]
volumeMounts:
- name: git-storage
mountPath: /tmp/git-storage
---