Compare commits
1 Commits
83cb047ab2
...
fe61901fee
| Author | SHA1 | Date | |
|---|---|---|---|
| fe61901fee |
@ -106,6 +106,6 @@ else
|
||||
done
|
||||
fi
|
||||
for t in ${ARTIFACTS[@]}; do
|
||||
_helm $ACTION $t || true
|
||||
_helm apply $t || true
|
||||
done
|
||||
fi
|
||||
|
||||
@ -5,6 +5,8 @@ API_VERSIONS="-a monitoring.coreos.com/v1 -a snapshot.storage.k8s.io/v1 -a polic
|
||||
|
||||
export HELM_SECRETS_BACKEND="vals"
|
||||
|
||||
LOCAL_DEV=${LOCAL_DEV:-""}
|
||||
|
||||
# Waits for max 300s and retries
|
||||
function wait_for() {
|
||||
local TRIES=0
|
||||
@ -33,9 +35,7 @@ function argo_used() {
|
||||
|
||||
|
||||
function field_manager() {
|
||||
local argo=${1:-"False"}
|
||||
|
||||
if [ "$argo" == "True" ]; then
|
||||
if [ "$1" == "True" ]; then
|
||||
echo "--field-manager argo-controller"
|
||||
else
|
||||
echo ""
|
||||
@ -43,21 +43,6 @@ function field_manager() {
|
||||
}
|
||||
|
||||
|
||||
function get_kubezero_secret() {
|
||||
export _key="$1"
|
||||
|
||||
kubectl get secrets -n kubezero kubezero-secrets -o yaml | yq '.data.[env(_key)]' | base64 -d -w0
|
||||
}
|
||||
|
||||
|
||||
function set_kubezero_secret() {
|
||||
local key="$1"
|
||||
local val="$2"
|
||||
|
||||
kubectl patch secret -n kubezero kubezero-secrets --patch="{\"data\": { \"$key\": \"$(echo -n $val |base64 -w0)\" }}"
|
||||
}
|
||||
|
||||
|
||||
# get kubezero-values from ArgoCD if available or use in-cluster CM
|
||||
function get_kubezero_values() {
|
||||
local argo=${1:-"False"}
|
||||
@ -120,6 +105,19 @@ function waitSystemPodsRunning() {
|
||||
done
|
||||
}
|
||||
|
||||
function argo_app_synced() {
|
||||
APP=$1
|
||||
|
||||
# Ensure we are synced otherwise bail out
|
||||
status=$(kubectl get application $APP -n argocd -o yaml | yq .status.sync.status)
|
||||
if [ "$status" != "Synced" ]; then
|
||||
echo "ArgoCD Application $APP not 'Synced'!"
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
# make sure namespace exists prior to calling helm as the create-namespace options doesn't work
|
||||
function create_ns() {
|
||||
@ -204,7 +202,7 @@ function _helm() {
|
||||
# Allow custom CRD handling
|
||||
declare -F ${module}-crds && ${module}-crds || _crds
|
||||
|
||||
elif [ $action == "apply" -o $action == "replace" ]; then
|
||||
elif [ $action == "apply" ]; then
|
||||
echo "using values to $action of module $module: "
|
||||
cat $WORKDIR/values.yaml
|
||||
|
||||
@ -215,8 +213,7 @@ function _helm() {
|
||||
declare -F ${module}-pre && ${module}-pre
|
||||
|
||||
render
|
||||
[ $action == "apply" ] && kubectl apply -f $WORKDIR/helm.yaml --server-side --force-conflicts $(field_manager $ARGOCD) && rc=$? || rc=$?
|
||||
[ $action == "replace" ] && kubectl replace -f $WORKDIR/helm.yaml $(field_manager $ARGOCD) && rc=$? || rc=$?
|
||||
kubectl $action -f $WORKDIR/helm.yaml --server-side --force-conflicts $(field_manager $ARGOCD) && rc=$? || rc=$?
|
||||
|
||||
# Optional post hook
|
||||
declare -F ${module}-post && ${module}-post
|
||||
|
||||
@ -30,7 +30,7 @@ dependencies:
|
||||
repository: https://aquasecurity.github.io/helm-charts/
|
||||
condition: trivy.enabled
|
||||
- name: renovate
|
||||
version: 39.194.0
|
||||
version: 39.185.0
|
||||
repository: https://docs.renovatebot.com/helm-charts
|
||||
condition: renovate.enabled
|
||||
kubeVersion: ">= 1.25.0"
|
||||
|
||||
@ -32,7 +32,6 @@ spec:
|
||||
use_remote_address: true
|
||||
normalize_path: true
|
||||
merge_slashes: true
|
||||
preserve_external_request_id: {{ .Values.hardening.preserveExternalRequestId }}
|
||||
{{- if .Values.hardening.unescapeSlashes }}
|
||||
path_with_escaped_slashes_action: UNESCAPE_AND_REDIRECT
|
||||
{{- end }}
|
||||
|
||||
@ -43,4 +43,3 @@ proxyProtocol: true
|
||||
hardening:
|
||||
rejectUnderscoresHeaders: true
|
||||
unescapeSlashes: true
|
||||
preserveExternalRequestId: false
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user