forked from hashicorp/vault
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathpush_helm_chart.sh
More file actions
102 lines (76 loc) · 3.12 KB
/
push_helm_chart.sh
File metadata and controls
102 lines (76 loc) · 3.12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#!/bin/bash
set -e
SCRIPT_PATH=$(dirname "${BASH_SOURCE[0]}")
. $SCRIPT_PATH/helm_chart.cfg
if [[ -n $WORK_DIR ]]; then
mkdir -p $WORK_DIR
cd $WORK_DIR
fi
IAM_TOKEN=$(ycp --profile="$PROFILE" iam create-token)
DOMAIN="cr.yandex"
if [[ "$PROFILE" == "israel" ]]; then
DOMAIN="cr.cloudil.com"
fi
if [[ "$PROFILE" == "preprod" ]]; then
DOMAIN="cr.cloud-preprod.yandex.net"
fi
docker login --username iam --password $IAM_TOKEN $DOMAIN
git clone https://github.com/hashicorp/vault-helm.git ./vault-helm
git clone ssh://git@bb.yandexcloud.net/cloud/mk8s-marketplace-helm.git ./mk8s-marketplace-helm
cd vault-helm
TAGS=$(git tag --sort="-version:refname")
echo $TAGS
VERSION=$(echo "$BASE_VERSION" | cut -c 2-)
CUT_VERSION="${VERSION%.*}"
ACTUAL_TAG=''
for TAG in $TAGS
do
git checkout tags/$TAG values.yaml
ACTUAL_VERSION=$(yq '.server.image.tag' values.yaml)
ACTUAL_VERSION="${ACTUAL_VERSION%.*}"
echo "Actual version = $ACTUAL_VERSION and version = $CUT_VERSION"
if [ $CUT_VERSION = $ACTUAL_VERSION ]
then
ACTUAL_TAG=$TAG
echo "Found actual version $ACTUAL_VERSION"
break
fi
done
git checkout tags/$ACTUAL_TAG
sudo rm -r ./.git
CSI_PROVIDER_ACTUAL_TAG=$(yq '.csi.image.tag' values.yaml)
K8S_ACTUAL_TAG=$(yq '.injector.image.tag' values.yaml)
cd ../
docker pull hashicorp/vault-csi-provider:$CSI_PROVIDER_ACTUAL_TAG --platform amd64
docker pull hashicorp/vault-k8s:$K8S_ACTUAL_TAG --platform amd64
CSI_PROVIDER_IMAGE_ID=$(docker images hashicorp/vault-csi-provider:$CSI_PROVIDER_ACTUAL_TAG -q)
K8S_IMAGE_ID=$(docker images hashicorp/vault-k8s:$K8S_ACTUAL_TAG -q)
docker tag $K8S_IMAGE_ID $DOMAIN/$REGISTRY_ID/vault/vault-k8s:$K8S_ACTUAL_TAG
docker tag $K8S_IMAGE_ID $DOMAIN/$REGISTRY_ID/vault/vault-k8s:latest
docker tag $CSI_PROVIDER_IMAGE_ID $DOMAIN/$REGISTRY_ID/vault/vault-csi-provider:$CSI_PROVIDER_ACTUAL_TAG
docker tag $CSI_PROVIDER_IMAGE_ID $DOMAIN/$REGISTRY_ID/vault/vault-csi-provider:latest
docker push $DOMAIN/$REGISTRY_ID/vault/vault-k8s:$K8S_ACTUAL_TAG
docker push $DOMAIN/$REGISTRY_ID/vault/vault-k8s:latest
docker push $DOMAIN/$REGISTRY_ID/vault/vault-csi-provider:$CSI_PROVIDER_ACTUAL_TAG
docker push $DOMAIN/$REGISTRY_ID/vault/vault-csi-provider:latest
rm -r ./mk8s-marketplace-helm/products/hashicorp-vault/chart
cp -r ./vault-helm ./mk8s-marketplace-helm/products/hashicorp-vault/chart
rm -r ./mk8s-marketplace-helm/products/hashicorp-vault/chart/test
CHART_VERSION="$(yq '.version' ./vault-helm/Chart.yaml)-1"
replacement=$CHART_VERSION yq -i '.version = strenv(replacement)' ./mk8s-marketplace-helm/products/hashicorp-vault/chart/Chart.yaml
cat >./mk8s-marketplace-helm/products/hashicorp-vault/chart/templates/kms-creds-secret.yaml <<EOF
apiVersion: v1
kind: Secret
metadata:
name: kms-creds
namespace: {{ .Release.Namespace | quote }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
type: Opaque
data:
"credentials.json": {{ .Values.yandexKmsAuthJson | b64enc }}
EOF
/bin/bash $SCRIPT_PATH/update_values.sh
cd mk8s-marketplace-helm/products/hashicorp-vault/chart
helm package .
helm push ./vault-$(echo "$ACTUAL_TAG" | cut -c 2-)-1.tgz oci://$DOMAIN/$REGISTRY_ID/vault/chart