#!/usr/bin/env bash
# Strict mode: stop on command failure, on use of an unset variable, and on a
# failure in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# Every setting below can be overridden from the environment; the value after
# ":=" is used only when the variable is unset or empty.

# Gitea organization and the Actions secret that receives the kubeconfig.
: "${ORG:=trade-next}"
: "${SECRET_NAME:=K3S_KUBECONFIG_B64}"

# Gitea endpoint and the file the API token is read from. The token file is
# a credential; NOTE(review): confirm it is readable only by the operator.
: "${GITEA_URL:=https://gitea.mpabi.pl}"
: "${GITEA_TOKEN_FILE:=/home/user/dev/mcp/tools/tokens/gitea.token}"

# SSH target that runs k3s, and the private key used to reach it.
: "${SOL_HOST:=149.50.96.162}"
: "${SOL_USER:=user}"
: "${SOL_SSH_KEY:=/home/user/dev/mcp/keys/mpabi/mevnode_mcp}"

# Service account whose token is embedded in the generated kubeconfig.
: "${DEPLOY_NAMESPACE:=gitea-actions}"
: "${DEPLOY_SERVICE_ACCOUNT:=trade-gitops-deployer}"

# API server URL written into the kubeconfig. The default repeats the
# SOL_HOST default literally, so overriding SOL_HOST alone does not change it.
: "${KUBE_API_SERVER:=https://149.50.96.162:6443}"
#######################################
# Print the Gitea API token stored in the token file.
# Takes the first line of the file, drops everything up to and including the
# first ":" (a line without ":" is used whole), and strips all whitespace.
# Globals:   GITEA_TOKEN_FILE (read)
# Outputs:   the token on stdout, without a trailing newline
#######################################
gitea_token() {
  local token_file="$GITEA_TOKEN_FILE"

  cut -d ':' -f 2- "$token_file" \
    | head -n 1 \
    | tr -d '[:space:]'
}
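#######################################
# Run a command on the k3s host over SSH with the dedicated deploy key.
#
# Host-key verification is kept on. This channel carries the cluster CA
# bundle and a freshly minted service-account token, so a connection to an
# impersonated host would both leak the token and let that host choose the CA
# written into the kubeconfig. The default "accept-new" (OpenSSH 7.6+) records
# an unknown host key on first contact and refuses a changed one. For
# unattended runs, pre-populate known_hosts and set
# SOL_STRICT_HOST_KEY_CHECKING=yes so that even the first connection is
# verified.
#
# Globals:   SOL_SSH_KEY, SOL_USER, SOL_HOST (read)
#            SOL_STRICT_HOST_KEY_CHECKING (read, optional)
# Arguments: the remote command, passed through to ssh unchanged
# Outputs:   whatever the remote command writes
# Returns:   the exit status of ssh
#######################################
ssh_sol() {
  ssh -i "$SOL_SSH_KEY" \
    -o IdentitiesOnly=yes \
    -o StrictHostKeyChecking="${SOL_STRICT_HOST_KEY_CHECKING:-accept-new}" \
    "$SOL_USER@$SOL_HOST" "$@"
}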
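# Main flow: mint a service-account token on the k3s host, wrap it in a
# kubeconfig, and store the base64-encoded kubeconfig as a Gitea Actions
# organization secret.

API_TOKEN="$(gitea_token)"
if [ -z "$API_TOKEN" ]; then
  echo "Gitea API token is empty" >&2
  exit 1
fi

# Lifetime of the minted token. The default of 8760h (one year) is kept for
# compatibility; a copy of the secret that leaks stays usable for that long,
# so prefer a shorter value together with scheduled re-runs of this script.
# NOTE(review): the API server may cap or reject long durations depending on
# its configuration -- confirm the effective expiry on the cluster.
SA_TOKEN_DURATION="${SA_TOKEN_DURATION:-8760h}"

# These values are spliced into a command line that the remote shell parses
# and into the kubeconfig YAML, so accept only Kubernetes-style names and a
# plain h/m/s duration before using them.
k8s_name_re='^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'
duration_re='^([0-9]+[hms])+$'
for value in "$DEPLOY_NAMESPACE" "$DEPLOY_SERVICE_ACCOUNT"; do
  if [[ ! "$value" =~ $k8s_name_re ]]; then
    echo "Invalid Kubernetes name: ${value}" >&2
    exit 1
  fi
done
if [[ ! "$SA_TOKEN_DURATION" =~ $duration_re ]]; then
  echo "Invalid SA_TOKEN_DURATION: ${SA_TOKEN_DURATION}" >&2
  exit 1
fi

CA_DATA="$(ssh_sol "sudo k3s kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'")"
SA_TOKEN="$(ssh_sol "sudo k3s kubectl -n ${DEPLOY_NAMESPACE} create token ${DEPLOY_SERVICE_ACCOUNT} --duration=${SA_TOKEN_DURATION}")"

if [ -z "$CA_DATA" ] || [ -z "$SA_TOKEN" ]; then
  echo "Failed to generate deployer kubeconfig material" >&2
  exit 1
fi

# Both values come back over SSH and go straight into YAML. Check their shape
# (base64 for the CA bundle, three dot-separated base64url parts for the
# token) so stray remote output cannot end up in the kubeconfig. The values
# themselves are never printed.
base64_re='^[A-Za-z0-9+/]+=*$'
jwt_re='^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'
if [[ ! "$CA_DATA" =~ $base64_re ]] || [[ ! "$SA_TOKEN" =~ $jwt_re ]]; then
  echo "Unexpected format in kubeconfig material returned by ${SOL_HOST}" >&2
  exit 1
fi

# The here-document is fed to base64 on stdin, so the token is not exposed in
# any process argument list at this step.
KUBECONFIG_B64="$(
  cat <<EOF | base64 -w0
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: ${CA_DATA}
    server: ${KUBE_API_SERVER}
  name: sol
contexts:
- context:
    cluster: sol
    namespace: default
    user: ${DEPLOY_SERVICE_ACCOUNT}
  name: sol
current-context: sol
users:
- name: ${DEPLOY_SERVICE_ACCOUNT}
  user:
    token: ${SA_TOKEN}
EOF
)"

# Secrets go to jq and curl through stdin and a file descriptor rather than
# argv, because command-line arguments are visible to other local users
# through the process table. printf is a shell builtin and creates no argv.
PAYLOAD="$(
  printf '%s' "$KUBECONFIG_B64" \
    | jq -Rsc --arg description "k3s deploy kubeconfig for trade-next on sol" \
      '{data: ., description: $description}'
)"

# "-H @file" needs curl 7.55.0 or newer. The response body is discarded;
# -f turns an HTTP error status into a non-zero exit, which aborts the script.
printf '%s' "$PAYLOAD" | curl -fsS \
  -X PUT \
  -H @<(printf 'Authorization: token %s\n' "$API_TOKEN") \
  -H "Content-Type: application/json" \
  --data-binary @- \
  "${GITEA_URL}/api/v1/orgs/${ORG}/actions/secrets/${SECRET_NAME}" \
  >/dev/null

echo "Organization secret ${ORG}/${SECRET_NAME} updated"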