CLI: `deploy` and `update` should be the same
Problem
A fair amount of the code in `socle deploy` is replicated in `socle update`, but not completely:
git diff e73a284:src/eole3/data/templates/scripts/deploy e73a284:src/eole3/data/templates/scripts/update
diff --git a/src/eole3/data/templates/scripts/deploy b/src/eole3/data/templates/scripts/update
old mode 100755
new mode 100644
index 91ed8df..52c9ed5
--- a/src/eole3/data/templates/scripts/deploy
+++ b/src/eole3/data/templates/scripts/update
@@ -1,76 +1,11 @@
#!/bin/bash
{% include 'include/utils/log.sh.j2' -%}
-{%- from "include/utils/deploy.j2" import deploy %}
-{%- from "include/postgresql/create-database.j2" import create_database %}
-#Check that all required commands are available
-declare -a COMMANDS=(
- "curl"
- "jq"
- "helm"
- "kubectl"
-)
-for cmd in "${COMMANDS[@]}"; do
- if command -v $cmd &> /dev/null
- then
- echo "Command '$cmd': FOUND"
- else
- echo "Command '$cmd': NOT FOUND"
- echo "Aborting"
- exit 1
- fi
-done
-
-{% if config['cert-manager']['deploy'] == "true" %}
-#Install cert-manager for HTTP01 ingress solver
-{{ deploy(config, "cert-manager", "cert-manager") }}
-kubectl apply -n {{ config['cert-manager']['namespace'] }} -f cert-manager-issuer.yaml
-{%- endif %}
-{%- if config['cert-manager']['deploy'] == "false" and config['cert-manager']['enabled'] == 'true' %}
-#Use already installed cert-manager
-log "Use already installed cert-manager"
-kubectl apply -n {{ config['cert-manager']['namespace'] }} -f cert-manager-issuer.yaml
-{%- endif %}
-
-{%- if config['coredns']['patch'] == "true" %}
-#Patch coredns
-log "Patch CoreDNS"
-kubectl get -n kube-system configmaps coredns -o jsonpath={.data.Corefile} |sed -e "s?/etc/resolv.conf?{{ config['coredns']['dns'] }}?" > Corefile
-kubectl get -n kube-system configmaps coredns -o jsonpath={.data.NodeHosts} > NodeHosts
-kubectl delete -n kube-system configmaps coredns
-kubectl create -n kube-system configmap coredns --from-file=Corefile --from-file=NodeHosts
-kubectl rollout -n kube-system restart deployment coredns
-{%- endif %}
-
-{%- if config['general']['ingressControllerDeploy'] == "true" %}
-#Install ingress controller
-bash ingress-controller-deploy
-{%- endif %}
-
-{%- if config['database']['type'] == "socle" -%}
-{%- set db = config['database'] %}
-{%- set provider = db['provider'] %}
-{{ deploy(config, provider , config[provider]['namespace']) }}
-log "Wait for postgresql to be up"
-kubectl -n {{ config[provider]['namespace'] }} wait --for=condition=Ready --timeout=600s pod -l app.kubernetes.io/name=postgresql
-{%- endif %}
+{%- from 'include/utils/deploy.j2' import deploy %}
{% if config['keycloak']['enabled'] == "true" -%}
#keycloak
-{%- if config['keycloak']['realmImport'] == "true" %}
-kubectl create secret -n {{ config['general']['namespace'] }} generic realm-secret --from-file=realm-export.json
-{%- endif %}
-{{ create_database(config, "keycloak") }}
{{ deploy(config, "keycloak") }}
-{% if config['keycloak']['enableBackup'] == "true" %}
-log "Create namespace 'backup'"
-kubectl create namespace backup --dry-run=client -o yaml | kubectl apply -f -
-log "Activate keycloak backup schedule"
-kubectl apply -n backup -f keycloak-backup-pvc.yaml -f keycloak-credentials.yaml -f keycloak-backup-cronjob.yaml
-{% else %}
-kubectl delete -n backup -f keycloak-backup-cronjob.yaml --ignore-not-found=true
-{% endif -%}
-
{% endif -%}
{% if config['mongodb']['deploy'] == "true" -%}
#mongo
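Review bot: The update side goes from `#!/bin/bash` and the log include straight to the keycloak block, without the `COMMANDS` availability loop that deploy runs first and without any `set -e`-style failure handling visible in this hunk (unless `log.sh.j2` sets it, which is not shown here). update still calls `kubectl` and `jq`, and the last hunk makes it call `wget`, which deploy's list does not cover, so a missing tool would only surface mid-update after some components have already been changed. If the two scripts are merged as proposed, keep the check in the shared entry point and either add `"wget"` to the array or settle on `curl` in both paths. The keycloak and mongodb blocks continue past the end of this hunk.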
@@ -80,11 +15,14 @@ log "Create namespace 'backup'"
kubectl create namespace backup --dry-run=client -o yaml | kubectl apply -f -
log "Activate mongodb backup schedule"
kubectl apply -n backup -f mongodb-backup-pvc.yaml -f mongodb-credentials.yaml -f mongodb-backup-cronjob.yaml
+
{% else %}
+log "Deactivate mongodb backup schedule"
kubectl delete -n backup -f mongodb-backup-cronjob.yaml --ignore-not-found=true
{% endif -%}
{% endif -%}
+
{% if config['minio']['deploy'] == "true" -%}
#minio
{{ deploy(config, "minio") }}
@@ -93,7 +31,9 @@ log "Create namespace 'backup'"
kubectl create namespace backup --dry-run=client -o yaml | kubectl apply -f -
log "Activate minio backup schedule"
kubectl apply -n backup -f minio-backup-pvc.yaml -f minio-credentials.yaml -f minio-backup-cronjob.yaml
+
{% else %}
+log "Deactivate minio backup schedule"
kubectl delete -n backup -f minio-backup-cronjob.yaml --ignore-not-found=true
{% endif -%}
@@ -103,23 +43,17 @@ kubectl delete -n backup -f minio-backup-cronjob.yaml --ignore-not-found=true
log "Wait for keycloak to be up"
kubectl -n {{ config['general']['namespace'] }} wait --for=condition=Ready --timeout=600s pod -l app.kubernetes.io/name=keycloak
-{% if config['minio']['deploy'] == "true" -%}
-log "Creating minio user and bucket for la boite"
-kubectl -n {{ config['general']['namespace'] }} apply -f minio-policy.yaml -f minio-job.yaml
-kubectl wait -n {{ config['general']['namespace'] }} --for=condition=complete job/init-minio
-kubectl -n {{ config['general']['namespace'] }} delete -f minio-policy.yaml -f minio-job.yaml
-{% endif %}
-
-#Manage keycloak realm
-log "Manage keycloak realm"
+log "Update keycloak realm"
bash init-keycloak
-
{% endif -%}
{% if config['laboite']['enabled'] == "true" -%}
#laboite
-keycloak_pubkey=$(curl -Ss https://{{ config['keycloak']['hostname'] }}.{{ config['general']['domain'] }}/auth/realms/{{ config['keycloak']['realm'] }}| jq .public_key -r)
+keycloak_pubkey=$(wget https://{{ config['keycloak']['hostname'] }}.{{ config['general']['domain'] }}/auth/realms/{{ config['keycloak']['realm'] }} -O -| jq .public_key -r)
sed -i "s|KEYCLOAK_PUBKEY|$keycloak_pubkey|" laboite-values.yaml
{{ deploy(config, "laboite") }}
{% endif -%}
-log "Deployment finished"
+log "Start rollout restart"
+kubectl -n {{ config['general']['namespace'] }} rollout restart deploy
+
+log "Update finished"
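Review bot: The `keycloak_pubkey=$(wget … -O -| jq .public_key -r)` line has no failure handling, so if the realm endpoint is unreachable or answers without a `public_key` field, the following `sed -i` writes an empty string or the literal `null` into `laboite-values.yaml` and laboite is deployed with that value as its Keycloak key. No `pipefail` is visible, so the pipeline's status is jq's alone and a failed download goes unnoticed. A guard right after the assignment would stop the run before the values file is touched: `[[ -n "$keycloak_pubkey" && "$keycloak_pubkey" != "null" ]] || { log "Cannot fetch keycloak public key"; exit 1; }`. Because the fetched text is spliced into a sed replacement, it is also worth rejecting anything that is not plain base64 (a `|` or `&` in the response would change the substitution), and `wget -q` keeps progress output out of the logs.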
Proposal
- make `deploy` idempotent
- replace `update` with a link to `deploy`
- split the script into per-component sub-scripts which could be called individually
  - `deploy` as base script
  - `deploy-patch-coredns`
  - `deploy-certmanager`
  - `deploy-ingress`
  - …
- Each sub-deploy should take care to wait for its dependencies if required (related to !409 (comment 78768))