kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Create K8S_SECRET_* CI variables as a K8s Secret

Browse source 
Find any CI variables from `env` which has a prefix. If there are any
such CI variables, strip prefix from variable name then create a generic
Kubernetes secret containing all these CI variables as key-value pairs.

Also, Pass in secretname to application container

The secretname may be present, if nil, the chart does nothing. If
present, the chart will load the key-value pairs from the secret into
the application container. See
https://gitlab.com/charts/auto-deploy-app/blob/master/README.md#configuration
This commit is contained in:
Thong Kuah 2018-12-12 13:18:50 +13:00
parent a4833f6fe0
commit 4b92b5500b
2 changed files with 33 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
changelogs/unreleased/49056-configure-auto-devops-deployed-applications-with-secrets-that-aren-t-committed-to-the-repo.yml Normal file
View file

@ -0,0 +1,5 @@
---
title: Configure Auto DevOps deployed applications with secrets from prefixed CI variables
merge_request: 23719
author:
type: added

28
lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
View file

@ -595,6 +595,15 @@ rollout 100%:
fi fi
} }
# Finds any variables prefixed with `K8S_SECRET_`, and exports them as the
# global $K8S_VARIABLES with prefix removed.
function extract_prefixed_variables() {
prefix="K8S_SECRET_"
k8s_variables=$(env | (grep "^${prefix}" || [[ $? == 1 ]]) | sed "s/^${prefix}//")
export K8S_VARIABLES=$k8s_variables
}
function deploy() { function deploy() {
track="${1-stable}" track="${1-stable}"
percentage="${2:-100}" percentage="${2:-100}"
@ -620,6 +629,23 @@ rollout 100%:
secret_name='' secret_name=''
fi fi
extract_prefixed_variables
if [[ -n "$K8S_VARIABLES" ]]; then
echo "Prefixed CI variables found, creating secret..."
application_secret_name="${name}-secret"
fromLiteralArgs=""
for k8s_variable in ${K8S_VARIABLES}; do
fromLiteralArgs="${fromLiteralArgs:+${fromLiteralArgs} }--from-literal=${k8s_variable}"
done
# We want fromLiteralArgs to be interpreted as args, so don't quote it!
kubectl create secret -n "$KUBE_NAMESPACE" \
generic "$application_secret_name" \
${fromLiteralArgs} \
-o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
fi
if [[ -n "$DB_INITIALIZE" && -z "$(helm ls -q "^$name$")" ]]; then if [[ -n "$DB_INITIALIZE" && -z "$(helm ls -q "^$name$")" ]]; then
echo "Deploying first release with database initialization..." echo "Deploying first release with database initialization..."
helm upgrade --install \ helm upgrade --install \
@ -632,6 +658,7 @@ rollout 100%:
--set image.secrets[0].name="$secret_name" \ --set image.secrets[0].name="$secret_name" \
--set application.track="$track" \ --set application.track="$track" \
--set application.database_url="$DATABASE_URL" \ --set application.database_url="$DATABASE_URL" \
--set application.secretName="$application_secret_name" \
--set service.url="$CI_ENVIRONMENT_URL" \ --set service.url="$CI_ENVIRONMENT_URL" \
--set replicaCount="$replicas" \ --set replicaCount="$replicas" \
--set postgresql.enabled="$postgres_enabled" \ --set postgresql.enabled="$postgres_enabled" \
@ -664,6 +691,7 @@ rollout 100%:
--set image.secrets[0].name="$secret_name" \ --set image.secrets[0].name="$secret_name" \
--set application.track="$track" \ --set application.track="$track" \
--set application.database_url="$DATABASE_URL" \ --set application.database_url="$DATABASE_URL" \
--set application.secretName="$application_secret_name" \
--set service.url="$CI_ENVIRONMENT_URL" \ --set service.url="$CI_ENVIRONMENT_URL" \
--set replicaCount="$replicas" \ --set replicaCount="$replicas" \
--set postgresql.enabled="$postgres_enabled" \ --set postgresql.enabled="$postgres_enabled" \