
Commit b1f7ba5

feat: functionality to write Kubeconfig file in CI workflows (#53)
1 parent 32b578e commit b1f7ba5

2 files changed

+40
-5
lines changed

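--- a/kubernetes/Makefile
+++ b/kubernetes/Makefile
@@ -1,6 +1,9 @@
 KUBECTL ?= kubectl
 K8S_RESOURCES_DIR := .
 
+KUBECONFIG_TEMPLATE ?= ./sa-kubeconfig.yaml.template
+NEW_KUBECONFIG_FILE ?= ../sa-kubeconfig.yaml
+
 # Arg DIR is used to define applying resources only for specific app/subdir
 ifdef DIR
 TARGET_DIR := $(K8S_RESOURCES_DIR)/$(DIR)
@@ -24,7 +27,7 @@ define generate_skip_dirs_through_prune
 $(foreach dir,$(SPACE_SEPARATED_SKIP_DIRS),-path $(TARGET_DIR)/$(dir) -o) -false
 endef
 
-.PHONY: apply-namespaces apply-all apply update-image print-decoded-token help
+.PHONY: apply-namespaces apply-all apply update-image print-decoded-token print-ca-cert print-api-url help
 
 .DEFAULT_GOAL := help
 
@@ -75,11 +78,11 @@ print-decoded-token: ## Print base64 decoded token of secret which is passed as
 exit 1; \
 fi
 @NAME=$(SECRET_NAME) ; \
-NAMESPACE=$$(kubectl get secrets --all-namespaces --output jsonpath='{range .items[?(@.metadata.name=="'"$$NAME"'")]}{.metadata.namespace}{"\n"}{end}') ; \
+NAMESPACE=$$($(KUBECTL) get secrets --all-namespaces --output jsonpath='{range .items[?(@.metadata.name=="'"$$NAME"'")]}{.metadata.namespace}{"\n"}{end}') ; \
 if [ -z "$$NAMESPACE" ]; then \
 echo "Secret $$NAME not found in any namespace." >&2 ; exit 1 ; \
 fi ; \
-TOKEN=$$(kubectl get secret $$NAME -n $$NAMESPACE -o jsonpath='{.data.token}' | base64 --decode) ; \
+TOKEN=$$($(KUBECTL) get secret $$NAME -n $$NAMESPACE -o jsonpath='{.data.token}' | base64 --decode) ; \
 if [ -z "$$TOKEN" ]; then \
 echo "Token not found in secret $$NAME in namespace $$NAMESPACE." >&2 ; exit 1 ; \
 fi ; \
@@ -91,11 +94,11 @@ print-ca-cert: ## Print base64 encoded CA cert data of secret which is passed as
 exit 1; \
 fi
 @NAME=$(SECRET_NAME) ; \
-NAMESPACE=$$(kubectl get secrets --all-namespaces --output jsonpath='{range .items[?(@.metadata.name=="'"$$NAME"'")]}{.metadata.namespace}{"\n"}{end}') ; \
+NAMESPACE=$$($(KUBECTL) get secrets --all-namespaces --output jsonpath='{range .items[?(@.metadata.name=="'"$$NAME"'")]}{.metadata.namespace}{"\n"}{end}') ; \
 if [ -z "$$NAMESPACE" ]; then \
 echo "Secret $$NAME not found in any namespace." >&2 ; exit 1 ; \
 fi ; \
-CA_CERT_DATA=$$(kubectl get secret $$NAME -n $$NAMESPACE -o jsonpath='{.data.ca\.crt}') ; \
+CA_CERT_DATA=$$($(KUBECTL) get secret $$NAME -n $$NAMESPACE -o jsonpath='{.data.ca\.crt}') ; \
 if [ -z "$$CA_CERT_DATA" ]; then \
 echo "Token not found in secret $$NAME in namespace $$NAMESPACE." >&2 ; exit 1 ; \
 fi ; \
@@ -104,5 +107,17 @@ print-ca-cert: ## Print base64 encoded CA cert data of secret which is passed as
 print-api-url: ## Print URL of Kubernetes API server from `kubectl config view`
 @echo $$($(KUBECTL) config view --minify -o jsonpath='{.clusters[0].cluster.server}')
 
+write-kubeconfig: ## Write a Kubeconfig file at location NEW_KUBECONFIG_FILE, needs args TOKEN, CA_CERT and API_URL
+@if [ -z "$(TOKEN)" ] || [ -z "$(CA_CERT)" ] || [ -z "$(API_URL)" ]; then \
+echo "Usage: make write-kubeconfig TOKEN=... CA_CERT=... API_URL=..."; \
+exit 1; \
+fi; \
+sed \
+-e 's|{{TOKEN}}|$(TOKEN)|g' \
+-e 's|{{CA_CERT}}|$(CA_CERT)|g' \
+-e 's|{{API_SERVER}}|$(API_URL)|g' \
+$(KUBECONFIG_TEMPLATE) > $(NEW_KUBECONFIG_FILE); \
+echo "Wrote $(NEW_KUBECONFIG_FILE)"
+
 help: ## Show this help
 @awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z0-9._-]+:.*?## / {printf "\033[1m\033[36m%-24s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)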
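Review bot: The new `write-kubeconfig` recipe pastes `$(TOKEN)`, `$(CA_CERT)` and `$(API_URL)` into the shell text through Make expansion, so a quote, `|`, `&` or backslash in a value alters the command or the sed replacement, and the output file, which holds a bearer token, is created with the default umask. Reading the values as shell variables (GNU Make exports command-line and environment variables to the recipe, so the token can also be supplied through the environment instead of argv), setting `umask 077` before the redirect, and chaining the final `echo` with `&&` so a failed sed no longer reports "Wrote …" would address this. sed still interprets `|`, `&` and `\` inside the values, which base64 data and a plain https URL should not contain. The target is also absent from the `.PHONY` list this commit extends.

```make
write-kubeconfig: ## Write a Kubeconfig file at location NEW_KUBECONFIG_FILE, needs args TOKEN, CA_CERT and API_URL
	@if [ -z "$$TOKEN" ] || [ -z "$$CA_CERT" ] || [ -z "$$API_URL" ]; then \
		echo "Usage: make write-kubeconfig TOKEN=... CA_CERT=... API_URL=..." >&2; \
		exit 1; \
	fi; \
	umask 077; \
	sed \
		-e "s|{{TOKEN}}|$$TOKEN|g" \
		-e "s|{{CA_CERT}}|$$CA_CERT|g" \
		-e "s|{{API_SERVER}}|$$API_URL|g" \
		"$(KUBECONFIG_TEMPLATE)" > "$(NEW_KUBECONFIG_FILE)" \
	&& echo "Wrote $(NEW_KUBECONFIG_FILE)"
```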
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
apiVersion: v1
2+
kind: Config
3+
clusters:
4+
- name: gohfert-cluster
5+
cluster:
6+
server: {{API_SERVER}}
7+
certificate-authority-data: {{CA_CERT}}
8+
users:
9+
- name: service-account
10+
user:
11+
token: {{TOKEN}}
12+
contexts:
13+
- name: sa-context
14+
context:
15+
cluster: gohfert-cluster
16+
user: service-account
17+
namespace: default
18+
current-context: sa-context
19+
20+
# EOF
