mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-03 20:01:01 -05:00
111 lines
2.7 KiB
Bash
Executable File
111 lines
2.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
function terminate_mint() {
|
|
# shellcheck disable=SC2317
|
|
kubectl logs job/mint-deploy
|
|
# shellcheck disable=SC2317
|
|
kubectl delete job mint-deploy
|
|
}
|
|
|
|
if [[ ! $1 =~ ^ghcr.io/edgelesssys/mint:v.*$ ]]; then
|
|
echo "Error: invalid tag, expected input to match pattern '^ghcr.io\/edgelesssys\/mint:v*$'"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ -z $KUBECONFIG ]]; then
|
|
echo "Error: KUBECONFIG environment variable not set"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ -z $ACCESS_KEY ]]; then
|
|
echo "Error: ACCESS_KEY environment variable not set"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ -z $SECRET_KEY ]]; then
|
|
echo "Error: SECRET_KEY environment variable not set"
|
|
exit 1
|
|
fi
|
|
|
|
# Wait for the s3proxy service to be created. kubectl wait can not wait for resources to be created.
|
|
start_time=$(date +%s)
|
|
timeout=300
|
|
while true; do
|
|
if [[ -n "$(kubectl get svc -l app=s3proxy -o jsonpath='{.items[*]}')" ]]; then
|
|
echo "Service with label app=s3proxy found"
|
|
service_ip=$(kubectl get svc s3proxy-service -o=jsonpath='{.spec.clusterIP}')
|
|
break
|
|
else
|
|
current_time=$(date +%s)
|
|
elapsed_time=$((current_time - start_time))
|
|
if [[ $elapsed_time -ge $timeout ]]; then
|
|
echo "Timeout waiting for service with label app=s3proxy"
|
|
exit 1
|
|
else
|
|
echo "Waiting for service with label app=s3proxy"
|
|
sleep 5
|
|
fi
|
|
fi
|
|
done
|
|
|
|
kubectl delete job mint-deploy --ignore-not-found=true
|
|
|
|
cat << EOF | kubectl apply -f -
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: mint-deploy
|
|
spec:
|
|
template:
|
|
metadata:
|
|
name: mint-deploy
|
|
spec:
|
|
restartPolicy: Never
|
|
hostAliases:
|
|
- ip: "$service_ip"
|
|
hostnames:
|
|
- "s3.eu-west-1.amazonaws.com"
|
|
containers:
|
|
- name: mint
|
|
image: "$1"
|
|
args:
|
|
- "aws-sdk-go"
|
|
- "versioning"
|
|
volumeMounts:
|
|
- name: ca-cert
|
|
mountPath: /etc/ssl/certs/kube-ca.crt
|
|
subPath: kube-ca.crt
|
|
env:
|
|
- name: SERVER_REGION
|
|
value: eu-west-1
|
|
- name: SERVER_ENDPOINT
|
|
value: s3.eu-west-1.amazonaws.com:443
|
|
- name: ENABLE_HTTPS
|
|
value: "1"
|
|
- name: AWS_CA_BUNDLE
|
|
value: /etc/ssl/certs/kube-ca.crt
|
|
- name: ACCESS_KEY
|
|
value: "$ACCESS_KEY"
|
|
- name: SECRET_KEY
|
|
value: "$SECRET_KEY"
|
|
volumes:
|
|
- name: ca-cert
|
|
secret:
|
|
secretName: s3proxy-tls
|
|
items:
|
|
- key: ca.crt
|
|
path: kube-ca.crt
|
|
EOF
|
|
|
|
# Remove job before this script finishes.
|
|
trap "terminate_mint" EXIT
|
|
|
|
# Tests have to complete within 10 minutes, otherwise they have failed.
|
|
if kubectl wait --for=condition=complete job/mint-deploy --timeout=600s; then
|
|
echo "Mint tests completed successfully"
|
|
exit 0
|
|
else
|
|
echo "Mint tests failed"
|
|
exit 1
|
|
fi
|