blob: 7d5916c66237fbd858fedd3046f9012b2f284530 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
#!/usr/bin/env bash
set -e
set -o pipefail
namespace="${1?}"
name="${2?}"
shift
shift
envs=()
function cleanup() {
[[ -v NEW_KUBECONFIG ]] && [[ -f "$NEW_KUBECONFIG" ]] && rm -f "$NEW_KUBECONFIG"
[[ -v PROXY_PID ]] && kill "$PROXY_PID"
}
trap 'EC=$?; cleanup || true; exit $EC' EXIT INT TERM
NEW_KUBECONFIG="$(mktemp -p "$XDG_RUNTIME_DIR")"
if kubectl -n "$namespace" get secrets "${name}-kubeconfig" -o jsonpath='{.data.value}' 2>/dev/null | base64 -d >"$NEW_KUBECONFIG"; then
hasKubeconfig=true
envs+=(KUBECONFIG="$NEW_KUBECONFIG")
else
hasKubeconfig=false
envs+=(KUBECONFIG="")
fi
if secretName="$(kubectl -n "$namespace" get openstackcluster -l cluster.x-k8s.io/cluster-name="$name" -o yaml 2>/dev/null | yq -er '.items[0].spec.identityRef.name')"; then
hasOSConfig=true
mapfile -t osEnvs < <(kubectl -n "$namespace" get secret "$secretName" -o jsonpath='{.data.clouds\.yaml}' | base64 -d | yq -er '.clouds.openstack | {OS_AUTH_TYPE: .["auth_type"], OS_AUTH_URL: .auth["auth_url"], OS_APPLICATION_CREDENTIAL_ID: .auth["application_credential_id"], OS_APPLICATION_CREDENTIAL_SECRET: .auth["application_credential_secret"], OS_REGION_NAME: .["region_name"], OS_INTERFACE: .interface, OS_IDENTITY_API_VERSION: .["identity_api_version"]} | to_entries[] | "\(.key)=\(.value)"')
envs+=(OS_SHELL=true "${osEnvs[@]}")
else
hasOSConfig=false
envs+=(OS_AUTH_URL="")
fi
if [[ "$hasOSConfig" == false ]] && [[ "$hasKubeconfig" == false ]]; then
echo "All secrets are missing!" >/dev/stderr
exit 1
fi
if [[ "$hasOSConfig" == false ]]; then
echo "OpenStack config missing, only setting KUBECONFIG" >/dev/stderr
fi
if [[ "$hasKubeconfig" == false ]]; then
echo "KUBECONFIG missing, only setting OpenStack env" >/dev/stderr
#elif kubectl -n "$namespace" get openstackcluster -l cluster.x-k8s.io/cluster-name="$name" -o yaml 2>/dev/null | yq -er '.items[0] | if .spec.apiServerLoadBalancer.allowedCidrs then .spec.controlPlaneEndpoint.host else null end' &>/dev/null; then
# proxyPodName="proxy-$name"
# if ! kubectl -n "$namespace" get pod "$proxyPodName" &>/dev/null; then
# kubectl -n "$namespace" run --image docker.io/kalaksi/tinyproxy "$proxyPodName" --restart=Never
# fi
# kubectl -n "$namespace" port-forward "$proxyPodName" 8888 &>/dev/null &
# export HTTPS_PROXY=http://localhost:8888
# PROXY_PID=$!
fi
env "${envs[@]}" "${@:-${SHELL:-/usr/bin/env bash}}"
|