-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.envrc-gcp.sh
136 lines (118 loc) · 4.47 KB
/
.envrc-gcp.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
#!/usr/bin/env bash
if [ -z "${local_SNAPSHOT}" ]; then
# shellcheck disable=SC2148 source=/.envrc-clusters.sh
source_url "https://raw.githubusercontent.com/sourcesense/envrc-framework/v0.19.1/.envrc-clusters.sh" "sha256-NSm9CFIhxnqTZ41sWfGu9OWl9bxvD9I4V5_IPl38OOA="
else
# shellcheck disable=SC1091 source="${local_SNAPSHOT}"/.envrc-clusters.sh
source "${local_SNAPSHOT}"/.envrc-clusters.sh
fi
work_on_cluster()
{
pre_work_on_cluster
log "Working on cluster: $(ab "$CLUSTER_NAME"), project id: $(ab "$PROJECT_ID"), region: $(ab "$CLUSTER_REGION")"
}
if type direnv >/dev/null 2>&1; then
# shellcheck disable=SC1091
. <(direnv stdlib)
else
echo "Could not load direnv stdlib" >&2
exit 1
fi
use_cp gcp
pre_work_on_cluster()
{
export POD_OVERRIDES=''
}
test_vpn()
{
log "No check on VPN"
}
set_region()
{
local resource_region="$1"
export RESOURCE_REGION="$resource_region"
}
set_project_id()
{
local project_id="$1"
export PROJECT_ID="$project_id"
}
set_cluster_name()
{
local cluster_name="$1"
export CLUSTER_NAME="$cluster_name"
}
get_credentials()
{
clusterName="${CLUSTER_NAME?Must specify cluster name in CLUSTER_NAME}"
projectId="${PROJECT_ID?Must specify project id in PROJECT_ID}"
clusterRegion="${CLUSTER_REGION?Must specify cluster region in CLUSTER_REGION}"
kubeConfig="${KUBECONFIG?Must specify kube config in KUBECONFIG}"
log "Putting credentials for cluster $(ab "${clusterName}") in kubeconfig file $(ab "${kubeConfig/$HOME/\~}"), it could take a while, please be patient and ignore direnv warnings..."
KUBECONFIG=$kubeConfig gcloud container clusters get-credentials "${clusterName}" --region "${clusterRegion}" --project "${projectId}" 2>/dev/null
if [ -s "${kubeConfig}" ]; then
log "Successfully got credentials from GCP and created kubeconfig: $(ab "${kubeConfig/$HOME/\~}")"
else
whine "Couldn't get credentials from GCP, please retry. Aborting"
fi
}
check_gcp_login()
{
log "Checking access to GCP Cluster $(ab "${CLUSTER_NAME}"), it could take a while, please be patient and ignore direnv warnings..."
gcloud auth print-access-token >/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" != 0 ]; then
gcloud auth login 2>/dev/null
if [ "$?" = 0 ]; then
log "$(ab "Successfully logged in to GCP with user $(gcloud config get-value account)")"
gcloud auth application-default print-access-token >/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" != 0 ]; then
gcloud auth application-default login 2>/dev/null
if [ "$?" = 0 ]; then
log "$(ab "Successfully logged in to GCP for SOPS support with user $(gcloud config get-value account)")"
else
whine "Couldn't login to GCP, please retry running a $(b "direnv reload"). Aborting"
fi
else
log "Already logged in to GCP with user $(ab "$(gcloud config get-value account)")"
fi
else
whine "Couldn't login to GCP, please retry running a $(b "direnv reload"). Aborting"
fi
else
log "Already logged in to GCP with user $(ab "$(gcloud config get-value account)")"
fi
}
setup_kubeconfig()
{
parentDir="$HOME/.kube/profiles/gcp"
mkdir -p "$parentDir"
KUBECONFIG="$parentDir/${PROJECT_ID}-${CLUSTER_NAME}"
if [ ! -s "${KUBECONFIG}" ]; then
get_credentials
chmod go-r "${KUBECONFIG}"
fi
if [ -n "${NAMESPACE}" ]; then
namespaceKubeconfig="${KUBECONFIG}-${NAMESPACE}"
if [ ! -f "${namespaceKubeconfig}" ]; then
yq e ".contexts[].context.namespace=\"${NAMESPACE}\"" "${KUBECONFIG}" >"${namespaceKubeconfig}"
chmod go-r "${namespaceKubeconfig}"
log "Successfully created env specific kubeconfig: $(ab "${namespaceKubeconfig/$HOME/\~}")"
fi
KUBECONFIG="${namespaceKubeconfig}"
export KUBECONFIG
status=$(kubectl version -o json 2>/dev/null | jq -r ".serverVersion.gitVersion")
[ "$status" = "null" ] && whine "Cannot connect to cluster $(ab "${CLUSTER_NAME}"). Try remove your kubeconfig file $(ab "${KUBECONFIG/$HOME/\~}")"
fi
}
setup_cluster_gcp()
{
set_project_id "${PROJECT_ID}"
set_region "${CLUSTER_REGION}"
CLUSTER_NAME="${CLUSTER_NAME:-${PROJECT_ID}-cluster}"
set_cluster_name "${CLUSTER_NAME}"
check_gcp_login
setup_kubeconfig
work_on_cluster
}