You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40 lines
1.3 KiB
40 lines
1.3 KiB
#!/bin/sh
|
|
|
|
set -e
|
|
# set -x
|
|
|
|
# echo "--------------------------"
|
|
# echo "--- export ---"
|
|
# export
|
|
# echo "--- env ---"
|
|
# env
|
|
# echo "--- set ---"
|
|
# set
|
|
# echo "--------------------------"
|
|
|
|
# only execute this script as part of the pipeline.
|
|
[ -z "$CI" ] && ( echo "I am not running in Drone CI"; exit 2; )
|
|
|
|
# only execute the script when the client key and certificate exist.
|
|
[ -z "$KUB_KEY" ] && ( echo "I need kub_key secret"; exit 3; )
|
|
[ -z "$KUB_CRT" ] && ( echo "I need kub_crt secret"; exit 4; )
|
|
|
|
# only execute the script when the CA certificate is present.
|
|
[ -z "$KUB_CA" ] && ( echo "I need kub_ca"; exit 5; )
|
|
|
|
# write the client key and the certificate
|
|
echo -n "$KUB_KEY" > /root/kub.key
|
|
chmod 600 /root/kub.key
|
|
echo -n "$KUB_CRT" > /root/kub.crt
|
|
|
|
# write the Kubernetes CA
|
|
echo -n "$KUB_CA" > /root/ca.crt
|
|
|
|
# check whether the certificate is signed by the CA
|
|
# TODO: (install openssl ? ) openssl verify -CAfile /root/ca.crt /root/kub.crt && ( echo "kub_crt is not signed by kub_ca"; exit 6; )
|
|
|
|
# Configure the cluster and the context
|
|
kubectl config set-credentials arno --client-certificate=/root/kub.crt --client-key=/root/kub.key
|
|
kubectl config set-cluster kubernetes --server=https://k8s.nixaid.com:6443 --certificate-authority=/root/ca.crt
|
|
kubectl config set-context kub-context --cluster=kubernetes --namespace=arno --user=arno
|