feat(actions): bootstrap sol runner
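--- /dev/null
+++ b/bootstrap/gitea-actions/scripts/sync-k3s-kubeconfig-org-secret.sh
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ORG="${ORG:-trade-next}"
+SECRET_NAME="${SECRET_NAME:-K3S_KUBECONFIG_B64}"
+GITEA_URL="${GITEA_URL:-https://gitea.mpabi.pl}"
+GITEA_TOKEN_FILE="${GITEA_TOKEN_FILE:-/home/user/dev/mcp/tools/tokens/gitea.token}"
+SOL_HOST="${SOL_HOST:-149.50.96.162}"
+SOL_USER="${SOL_USER:-user}"
+SOL_SSH_KEY="${SOL_SSH_KEY:-/home/user/dev/mcp/keys/mpabi/mevnode_mcp}"
+DEPLOY_NAMESPACE="${DEPLOY_NAMESPACE:-gitea-actions}"
+DEPLOY_SERVICE_ACCOUNT="${DEPLOY_SERVICE_ACCOUNT:-trade-gitops-deployer}"
+KUBE_API_SERVER="${KUBE_API_SERVER:-https://149.50.96.162:6443}"
+
+gitea_token() {
+cut -d: -f2- "$GITEA_TOKEN_FILE" | head -n1 | tr -d '[:space:]'
+}
+
+ssh_sol() {
+ssh -i "$SOL_SSH_KEY" -o IdentitiesOnly=yes -o StrictHostKeyChecking=no "$SOL_USER@$SOL_HOST" "$@"
+}
+
+API_TOKEN="$(gitea_token)"
+if [ -z "$API_TOKEN" ]; then
+echo "Gitea API token is empty" >&2
+exit 1
+fi
+
+CA_DATA="$(ssh_sol "sudo k3s kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'")"
+SA_TOKEN="$(ssh_sol "sudo k3s kubectl -n ${DEPLOY_NAMESPACE} create token ${DEPLOY_SERVICE_ACCOUNT} --duration=8760h")"
+
+if [ -z "$CA_DATA" ] || [ -z "$SA_TOKEN" ]; then
+echo "Failed to generate deployer kubeconfig material" >&2
+exit 1
+fi
+
+KUBECONFIG_B64="$(
+cat <<EOF | base64 -w0
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+certificate-authority-data: ${CA_DATA}
+server: ${KUBE_API_SERVER}
+name: sol
+contexts:
+- context:
+cluster: sol
+namespace: default
+user: ${DEPLOY_SERVICE_ACCOUNT}
+name: sol
+current-context: sol
+users:
+- name: ${DEPLOY_SERVICE_ACCOUNT}
+user:
+token: ${SA_TOKEN}
+EOF
+)"
+
+PAYLOAD="$(jq -nc --arg data "$KUBECONFIG_B64" --arg description "k3s deploy kubeconfig for trade-next on sol" '{data:$data,description:$description}')"
+
+curl -fsS \
+-X PUT \
+-H "Authorization: token ${API_TOKEN}" \
+-H "Content-Type: application/json" \
+-d "$PAYLOAD" \
+"${GITEA_URL}/api/v1/orgs/${ORG}/actions/secrets/${SECRET_NAME}" \
+>/dev/null
+
+echo "Organization secret ${ORG}/${SECRET_NAME} updated"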
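Review bot: `ssh_sol` passes `-o StrictHostKeyChecking=no`, so the SSH session that reads the cluster CA data and mints a 8760h service-account token (the `CA_DATA` and `SA_TOKEN` lines) accepts any host key for `SOL_HOST`; a host impersonating it could hand back its own CA data and token, which the script would then publish as the org secret without any check. Pin the host instead, e.g. `-o StrictHostKeyChecking=yes -o UserKnownHostsFile="${SOL_KNOWN_HOSTS:?path to known_hosts holding the sol key}"` (`SOL_KNOWN_HOSTS` is a constructed variable name, to be set alongside the other `SOL_*` defaults). The curl call also places the Gitea token and the whole kubeconfig (with the SA token inside) on the command line via `-H "Authorization: token ${API_TOKEN}"` and `-d "$PAYLOAD"`, where other local users can read them from the process list; pass the body on stdin with `-d @-` and the header from a file (`-H @file` or a `--config` file) so neither secret appears in argv. Minor: `base64 -w0` is GNU-only, so a comment such as `# requires GNU coreutils base64 (-w0 is not available on BSD/macOS)` above the heredoc would save the next person a confusing failure.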