5stack-panel/update.sh at main · 5stackgg/5stack-panel · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#!/bin/bash

source setup-env.sh "$@"

if [ "$REVERSE_PROXY" = true ]; then
    kubectl --kubeconfig=$KUBECONFIG delete certificate 5stack-ssl -n 5stack 2>/dev/null
fi

if [ "$REVERSE_PROXY" != true ]; then
    # Apply cert-manager CRDs and controller first to avoid race conditions with Certificate/Issuer
    ./kustomize build overlays/cert-manager-crds | output_redirect kubectl --kubeconfig=$KUBECONFIG apply -f -

    output_redirect kubectl --kubeconfig=$KUBECONFIG wait --for=condition=Established crd/certificates.cert-manager.io --timeout=120s
    output_redirect kubectl --kubeconfig=$KUBECONFIG wait --for=condition=Established crd/issuers.cert-manager.io --timeout=120s
    output_redirect kubectl --kubeconfig=$KUBECONFIG wait --for=condition=Established crd/clusterissuers.cert-manager.io --timeout=120s
fi

HTTP_REPLACEMENTS="$(dirname "$0")/overlays/http/http-replacements.yaml"
HTTPS_REPLACEMENTS="$(dirname "$0")/overlays/http/https-replacements.yaml"

OVERLAY_BASES=("vault" "local-secrets")
for BASE in "${OVERLAY_BASES[@]}"; do
    for PROTOCOL in "http" "https"; do
        OVERLAY="overlays/${BASE}-${PROTOCOL}"
        mkdir -p "$OVERLAY"

        cat > "$OVERLAY/kustomization.yaml" <<EOF
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../$BASE
- ../config
$(if [[ "$PROTOCOL" == "https" ]]; then echo "- ../cert-manager"; fi)
EOF
        if [ "$PROTOCOL" = "https" ]; then
            cp overlays/http/ingress-patch.yaml "$OVERLAY/ingress-patch.yaml"
            cat "$HTTPS_REPLACEMENTS" >> "$OVERLAY/kustomization.yaml"
        else
            cat "$HTTP_REPLACEMENTS" >> "$OVERLAY/kustomization.yaml"
        fi
    done
done

if [ "$VAULT_MANAGER" = true ]; then
    if [ "$REVERSE_PROXY" = true ]; then
        ./kustomize build overlays/vault-http | output_redirect kubectl --kubeconfig=$KUBECONFIG apply -f -
    else
        ./kustomize build overlays/vault-https | output_redirect kubectl --kubeconfig=$KUBECONFIG apply -f -
    fi
else
    if [ "$REVERSE_PROXY" = true ]; then
        ./kustomize build overlays/local-secrets-http | output_redirect kubectl --kubeconfig=$KUBECONFIG apply -f -
    else
        ./kustomize build overlays/local-secrets-https | output_redirect kubectl --kubeconfig=$KUBECONFIG apply -f -
    fi
fi

kubectl --kubeconfig=$KUBECONFIG delete deployment minio -n 5stack 2>/dev/null
kubectl --kubeconfig=$KUBECONFIG delete deployment timescaledb -n 5stack  2>/dev/null
kubectl --kubeconfig=$KUBECONFIG delete deployment typesense -n 5stack  2>/dev/null
kubectl --kubeconfig=$KUBECONFIG delete deployment redis -n 5stack  2>/dev/null

GIT_SHA=$(git rev-parse HEAD)

kubectl --kubeconfig=$KUBECONFIG label node $(kubectl --kubeconfig=$KUBECONFIG get nodes --selector='node-role.kubernetes.io/control-plane' -o jsonpath='{.items[0].metadata.name}') 5stack-panel-version=$GIT_SHA --overwrite

if [ "$REVERSE_PROXY" = false ]; then
    watch_ssl_status
fi

echo "5Stack : Updated"