-
Notifications
You must be signed in to change notification settings - Fork 6
/
update-config-map.sh
executable file
·102 lines (85 loc) · 3.32 KB
/
update-config-map.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#!/bin/sh
#
# This script is meant to be run inside a Kubernetes pod
#
###############################################################################
if [ -z "$CONFIG_MAP_NAME" -o -z "$APISERVER" -o -z "$APP_CONFIG_PATH" -o -z "$HOST_NAME" -o -z "$APP_NAME" ];
then
echo "CONFIG_MAP_NAME, APISERVER, APP_CONFIG_PATH, HOSTNAME, and APP_NAME env vars required"
env
exit 1
fi
if [ -z "$MONGO_HOST" ];
then
MONGO_HOST='mongodb'
fi
echo "Inputs:"
echo " CONFIG MAP NAME: $CONFIG_MAP_NAME"
echo " API SERVER: $APISERVER"
echo " APP CONFIG PATH: $APP_CONFIG_PATH"
echo " WES APP NAME: $APP_NAME"
echo " HOST NAME: $HOST_NAME"
echo " MONGO_HOST: $MONGO_HOST"
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
if [ -z "$NAMESPACE" ];
then
echo "ERROR: Cannot get the namespace from '/var/run/secrets/kubernetes.io'" >&2
echo "This script is meant to be run inside a Kubernetes pod only." >&2
exit -1
fi
echo "Current Kubernetes namespace: $NAMESPACE"; echo
echo " * Getting current default configuration"
APP_CONFIG=$(yq --arg HOST_NAME "$HOST_NAME" \
--arg MONGO_HOST "$MONGO_HOST" \
'.endpoints.service.url_prefix = "https" |
.endpoints.service.external_host = $HOST_NAME |
.endpoints.service.external_port = 443 |
.db.host = $MONGO_HOST' \
"$APP_CONFIG_PATH") || exit 4
echo " * Getting current configMap"
curl -s \
--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
-X GET \
-H "Accept: application/json, */*" \
-o /tmp/configmap.json \
-w "Return HTTP/code: %{http_code}\n\n" \
"https://$APISERVER/api/v1/namespaces/${NAMESPACE}/configmaps/${CONFIG_MAP_NAME}"
echo " * Validating JSON file recevied:"; echo
jq . /tmp/configmap.json || exit 2
echo " JSON file is valid";echo
echo " * Creating update for secret"
jq --arg APP_CONFIG "$APP_CONFIG" '.data."config.yaml" = $APP_CONFIG' /tmp/configmap.json >/tmp/configmap-patch.json || exit 5
echo " * Validating JSON file patched:"; echo
jq . /tmp/configmap-patch.json || exit 3
echo " JSON file is valid";echo
# Update Config map
echo " * Updating config map"
curl -s \
--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
-X PATCH \
-H "Accept: application/json, */*" \
-H "Content-Type: application/strategic-merge-patch+json" \
-d @/tmp/configmap-patch.json "https://$APISERVER/api/v1/namespaces/${NAMESPACE}/configmaps/${CONFIG_MAP_NAME}" \
-o /dev/null
echo " * Deleting current $APP_NAME pod"
curl -s \
--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
-X GET \
-H "Accept: application/json, */*" \
"https://$APISERVER/api/v1/namespaces/${NAMESPACE}/pods/" | \
jq '.items | .[] | .metadata.name ' -r | grep "^${APP_NAME}-" | \
while read pod;
do
echo " - Deleting: $pod"
curl -s \
--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
-X DELETE \
-H "Accept: application/json, */*" \
-o /dev/null \
"https://$APISERVER/api/v1/namespaces/${NAMESPACE}/pods/$pod"
done
echo " All Done"