From 4adf3c58744b52850c70e365aabcb41830419aba Mon Sep 17 00:00:00 2001 From: BenjaminCh Date: Mon, 5 Feb 2024 00:06:05 +0100 Subject: [PATCH] chore: CI/CD GCP test cluster (16) --- .gitlab-ci.yml | 2 +- README.md | 2 +- charts/pleco/templates/deployment.yaml | 13 +++++++++++++ charts/pleco/templates/mounted_files_secret.yaml | 11 +++++++++++ charts/pleco/values-gcp.yaml | 6 ++++++ charts/pleco/values.yaml | 5 +++++ pkg/common/validate.go | 2 +- pkg/gcp/run.go | 16 ---------------- 8 files changed, 38 insertions(+), 19 deletions(-) create mode 100644 charts/pleco/templates/mounted_files_secret.yaml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0bff6e5..76d9859 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -63,7 +63,7 @@ gcp-test-cluster: script: - gcloud auth activate-service-account $(cat $GKE_GCP_CREDENTIALS_JSON | jq -r .client_email) --key-file=$GKE_GCP_CREDENTIALS_JSON - gcloud container clusters get-credentials $GKE_GCP_TEST_CLUSTER_NAME --region=$GKE_GCP_DEFAULT_REGION --project=$(cat $GKE_GCP_CREDENTIALS_JSON | jq -r .project_id) - - helm --kubeconfig $KUBECONFIG_GCP_TEST_CLUSTER upgrade --install --wait --set "environmentVariables.GOOGLE_APPLICATION_CREDENTIALS_JSON_BASE64=$(echo $(cat $GKE_GCP_CREDENTIALS_JSON | base64))" -n qovery -f $PLECO_VALUES_GCP --create-namespace pleco-gcp charts/pleco + - helm --kubeconfig $KUBECONFIG_GCP_TEST_CLUSTER upgrade --install --wait --set "mountedFiles[0].contentBase64=$(echo $(cat $GKE_GCP_CREDENTIALS_JSON | base64))" -n qovery -f $PLECO_VALUES_GCP --create-namespace pleco-gcp charts/pleco only: - tags - schedules diff --git a/README.md b/README.md index 400dc36..72c37aa 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ $ export DO_VOLUME_TIMEOUT= +$ export GOOGLE_APPLICATION_CREDENTIALS= ``` --- ## Basic command diff --git a/charts/pleco/templates/deployment.yaml b/charts/pleco/templates/deployment.yaml index a3ef1bf..6c01edc 100644 --- a/charts/pleco/templates/deployment.yaml 
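Review bot: In the `gcp-test-cluster` script, the new `--set "mountedFiles[0].contentBase64=$(echo $(cat $GKE_GCP_CREDENTIALS_JSON | base64))"` argument still puts the service-account key on the helm command line, where it is readable from the runner's process list and is kept in the release's stored values. The unquoted `echo $(... | base64)` also relies on word splitting, so if the runner's `base64` wraps its output, the lines are joined with spaces and the value is no longer clean base64 for the Secret's `data` field. Prefer `--set-file` with the chart doing the encoding through `b64enc`, or at least `$(base64 -w0 < "$GKE_GCP_CREDENTIALS_JSON")` (GNU coreutils) with the variable quoted. The job definition starts outside the hunk.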
+++ b/charts/pleco/templates/deployment.yaml @@ -194,6 +194,19 @@ spec: {{ end }} resources: {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + {{ range $mountedFile := .Values.mountedFiles -}} + - mountPath: "{{ $mountedFile.mountPath }}" + subPath: content + name: "pleco-{{ $mountedFile.name }}" + readOnly: true + {{ end }} + volumes: + {{ range $mountedFile := .Values.mountedFiles -}} + - name: "pleco-{{ $mountedFile.name }}" + secret: + secretName: "pleco-{{ $mountedFile.name }}" + {{ end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/pleco/templates/mounted_files_secret.yaml b/charts/pleco/templates/mounted_files_secret.yaml new file mode 100644 index 0000000..0a30d8d --- /dev/null +++ b/charts/pleco/templates/mounted_files_secret.yaml @@ -0,0 +1,11 @@ +{{ range $mountedFile := .Values.mountedFiles -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: "pleco-{{ $mountedFile.name }}" +type: Opaque +data: + content: | + {{ $mountedFile.contentBase64 }} +{{ end }} \ No newline at end of file diff --git a/charts/pleco/values-gcp.yaml b/charts/pleco/values-gcp.yaml index c13f1cd..9c3e71c 100644 --- a/charts/pleco/values-gcp.yaml +++ b/charts/pleco/values-gcp.yaml @@ -2,6 +2,12 @@ cloudProvider: "gcp" environmentVariables: LOG_LEVEL: "debug" + GOOGLE_APPLICATION_CREDENTIALS: "/tmp/google/credentials.json" + +mountedFiles: +- name: "google-credentials" + mountPath: "/tmp/google/credentials.json" + contentBase64: "" enabledFeatures: disableDryRun: true diff --git a/charts/pleco/values.yaml b/charts/pleco/values.yaml index 662ae35..d4ef69e 100644 --- a/charts/pleco/values.yaml +++ b/charts/pleco/values.yaml @@ -7,6 +7,11 @@ image: cloudProvider: "" +mountedFiles: [] + # - name: "toto" + # mountPath: "/tmp" + # contentBase64: "content" + environmentVariables: LOG_LEVEL: "info" PLECO_IDENTIFIER: "tbd" diff --git a/pkg/common/validate.go b/pkg/common/validate.go index 73381a6..c5ffed7 100644 
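Review bot: The secret volume added under `volumes:` sets no `defaultMode`, so the mounted credentials file gets the Kubernetes default of 0644 instead of an owner-only mode. Adding `defaultMode: 0400` under `secret:` would tighten that, provided the pod's user or fsGroup can still read the file. Because the mount uses `subPath: content`, the file is not refreshed when the Secret changes, so a rotated key only takes effect after a pod restart. A `checksum/mounted-files` pod annotation computed from the Secret template would make `helm upgrade` roll the deployment. The surrounding container spec lies outside the hunk.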
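Review bot: `{{ $mountedFile.contentBase64 }}` in the new Secret template is rendered without any check, and `values-gcp.yaml` in this commit ships `contentBase64: ""`. An install that forgets the `--set` therefore creates an empty Secret, and the pod fails only later when the credentials file is read. Failing at render time is cheaper: `content: {{ required "mountedFiles[].contentBase64 must be set" $mountedFile.contentBase64 | quote }}`. The Secret is also named only from `$mountedFile.name` and carries no labels, so two releases in one namespace using the same file name would likely collide. Including the release name, here and in the matching `secretName` in deployment.yaml, avoids that.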
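Review bot: The commented example under `mountedFiles: []` uses `mountPath: "/tmp"`, but the deployment template mounts each entry with `subPath: content`, so `mountPath` has to be the full path of the file rather than a directory. Copied as written, the example would try to mount a single file over `/tmp`. A comment such as `# mountPath is the full file path, e.g. "/tmp/google/credentials.json"; contentBase64 is the base64-encoded file content` above the example would prevent that. The example path should be changed to match.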
--- a/pkg/common/validate.go +++ b/pkg/common/validate.go @@ -109,7 +109,7 @@ func checkDOEnvVars(cmd *cobra.Command) []string { func checkGCPEnvVars(cmd *cobra.Command) []string { var requiredEnvVars = []string{ - "GOOGLE_APPLICATION_CREDENTIALS_JSON_BASE64", + "GOOGLE_APPLICATION_CREDENTIALS", } if isUsed(cmd, "cluster") || isUsed(cmd, "object-storage") || diff --git a/pkg/gcp/run.go b/pkg/gcp/run.go index 0b1db10..5be8224 100644 --- a/pkg/gcp/run.go +++ b/pkg/gcp/run.go @@ -5,11 +5,9 @@ import ( compute "cloud.google.com/go/compute/apiv1" container "cloud.google.com/go/container/apiv1" "cloud.google.com/go/storage" - "encoding/base64" "github.com/sirupsen/logrus" "golang.org/x/net/context" iam "google.golang.org/api/iam/v1" - "os" "sync" "time" ) @@ -40,20 +38,6 @@ type GCPSessions struct { type funcDeleteExpired func(sessions GCPSessions, options GCPOptions) func RunPlecoGCP(regions []string, interval int64, wg *sync.WaitGroup, options GCPOptions) { - if os.Getenv("GOOGLE_APPLICATION_CREDENTIALS_JSON") == "" { - jsonB64EncodedCredentialsEnv := os.Getenv("GOOGLE_APPLICATION_CREDENTIALS_JSON_BASE64") - if jsonB64EncodedCredentialsEnv != "" { - decodedCredentialsEnv, err := base64.StdEncoding.DecodeString(jsonB64EncodedCredentialsEnv) - if err != nil { - logrus.Errorf("GOOGLE_APPLICATION_CREDENTIALS_JSON_BASE64 cannot be base64 decoded: %s", err) - return - } - if os.Setenv("GOOGLE_APPLICATION_CREDENTIALS_JSON", string(decodedCredentialsEnv)) != nil { - logrus.Errorf("GOOGLE_APPLICATION_CREDENTIALS_JSON cannot be set: %s", err) - return - } - } - } for _, region := range regions { wg.Add(1) go runPlecoInRegion(region, interval, wg, options)
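Review bot: Making `GOOGLE_APPLICATION_CREDENTIALS` a required variable in `checkGCPEnvVars` means pleco can only start with a service-account key file. That holds even where Application Default Credentials would work without one (for example GKE Workload Identity or the metadata server), which pushes deployments toward long-lived keys. If the list is only checked for presence, as the name `requiredEnvVars` suggests, a missing or unreadable path also passes validation and fails later when the GCP clients are built. Consider dropping the entry from `requiredEnvVars`, or, when the variable is set, checking the path with `os.Stat` and reporting a clear error. The function body continues past the end of the hunk.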