This repository has been archived by the owner on Jul 17, 2018. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
deploy.sh
executable file
·131 lines (99 loc) · 4.23 KB
/
deploy.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
#!/bin/sh
set -e
echo "------ ${WHAT} deploy to ${DRONE_DEPLOY_TO} with ${IMAGE_NAME} on ${BRANCH} ------"
BRANCH_SAFE=$(echo ${BRANCH} | sed -e "s/\//_/g")
export KUBE_SERVER=https://kube-dev.dsp.notprod.homeoffice.gov.uk
export KUBE_NAMESPACE=ircbd-${DRONE_DEPLOY_TO}
export INSECURE_SKIP_TLS_VERIFY=true
export KEYCLOAK_DISCOVERY=https://keycloak.digital.homeoffice.gov.uk/auth/realms/ircbd
export KEYCLOAK_CLIENT_ID=ircbd-dev
RANDOM_STRING=$(head /dev/urandom | tr -dc a-z0-9 | head -c 13)
### --- DEFAULT SETTINGS --- ###
export API_URL=api-ibm-${DRONE_DEPLOY_TO}.notprod.homeoffice.gov.uk
export WALLBOARD_URL=wallboard-ibm-${DRONE_DEPLOY_TO}.notprod.homeoffice.gov.uk
#export KEYCLOAK_CLIENT_SECRET=${KEYCLOAK_CLIENT_SECRET_${DRONE_DEPLOY_TO}}
export DBNAME=removals
export DBUSER=root
export DBPASS=foobar
export DBHOST=mysql
export DBPORT=3306
### --- PRODUCTION SETTINGS --- ###
if [ $DRONE_DEPLOY_TO = "prod" ]; then
export KUBE_TOKEN=${KUBE_TOKEN_PROD}
export KUBE_SERVER=https://kube.dsp.digital.homeoffice.gov.uk
export API_URL=api.ircbd.homeoffice.gov.uk
export WALLBOARD_URL=wallboard.ircbd.homeoffice.gov.uk
fi
### --- EPHEMERAL SETTINGS --- ###
if [ $DRONE_DEPLOY_TO = "ephemeral" ]; then
export KUBE_NAMESPACE=ircbd-${RANDOM_STRING}
export KUBE_SERVER=${KUBE_SERVER_CI}
export KUBE_TOKEN=${KUBE_TOKEN_CI}
kubectl create namespace ${KUBE_NAMESPACE} --insecure-skip-tls-verify=true --server=${KUBE_SERVER} --token=${KUBE_TOKEN}
DEPLOY_API=TRUE
DEPLOY_WALLBOARD=TRUE
RUN_TESTS=TRUE
export API_URL=api-ircbd-${RANDOM_STRING}.notprod.homeoffice.gov.uk
export WALLBOARD_URL=wallboard-ircbd-${RANDOM_STRING}.notprod.homeoffice.gov.uk
kd -f kube/e2etest/deployment.yml -f kube/e2etest/service.yml
fi
### we use RDS in UAT/PROD so don't need a mysql server there ###
if [ $DRONE_DEPLOY_TO != "prod" -a $DRONE_DEPLOY_TO != "uat" ]; then
kd -f kube/mysql/deployment.yml -f kube/mysql/service.yml
fi
if [ $WHAT = api ]; then
DEPLOY_API=TRUE
export API_IMAGE=${IMAGE_NAME}
fi
if [ $WHAT = wallboard ]; then
DEPLOY_WALLBOARD=TRUE
export WALLBOARD_IMAGE=${IMAGE_NAME}
fi
## IP whitelist filtering
wget -O whitelist.txt https://my.pingdom.com/probes/ipv4
set +e
kubectl --insecure-skip-tls-verify=true --server=${KUBE_SERVER} --token=${KUBE_TOKEN} --namespace=${KUBE_NAMESPACE} get secret ipwhitelist -o="go-template={{index .data \"ipwhitelist.txt\"}}" | base64 -d | grep -v "#" >> whitelist.txt
cat whitelist.txt | sed -e '/^\s*$/d' -e ':a' -e 'N' -e '$!ba' -e 's/\n/\/32, /g' -e '/^\s*$/d' > whitelist.txt
set -e
export IP_WHITELIST=$(cat whitelist.txt)/32
if [ ${DEPLOY_API} ]; then
if [ -z ${API_IMAGE} ]; then
if [ $(wget -sq https://quay.io/c1/squash/ukhomeofficedigital/removals-integration/${BRANCH_SAFE}) ]; then
export API_IMAGE=quay.io/ukhomeofficedigital/removals-integration:${BRANCH_SAFE}
else
export API_IMAGE=quay.io/ukhomeofficedigital/removals-integration:origin_master
fi
fi
echo "Deploying API ${API_IMAGE} to ${API_URL}"
kd \
-f kube/redis/deployment.yml \
-f kube/redis/service.yml \
-f kube/api/task.yml \
-f kube/api/deployment.yml \
-f kube/api/service.yml \
-f kube/api/ingress.yml
fi
if [ ${DEPLOY_WALLBOARD} ]; then
if [ -z ${WALLBOARD_IMAGE} ]; then
if [ $(wget -sq https://quay.io/c1/squash/ukhomeofficedigital/removals-wallboard/${BRANCH_SAFE}) ]; then
export WALLBOARD_IMAGE=quay.io/ukhomeofficedigital/removals-wallboard:${BRANCH_SAFE}
else
export WALLBOARD_IMAGE=quay.io/ukhomeofficedigital/removals-wallboard:origin_master
fi
fi
echo "Deploying WALLBOARD ${WALLBOARD_IMAGE} to ${WALLBOARD_URL}"
kd \
-f kube/wallboard/deployment.yml \
-f kube/wallboard/service.yml \
-f kube/wallboard/ingress.yml
fi
if [ ${RUN_TESTS} ]; then
kd \
-f kube/e2etest/task.yml
kubectl --insecure-skip-tls-verify=true --server=${KUBE_SERVER} --token=${KUBE_TOKEN} --namespace=${KUBE_NAMESPACE} get pods
kubectl --insecure-skip-tls-verify=true --server=${KUBE_SERVER} --token=${KUBE_TOKEN} --namespace=${KUBE_NAMESPACE} attach api-schema
# @TODO check the test results
fi
if [ $DRONE_DEPLOY_TO = "ephemeral" ]; then
kubectl delete namespace ${KUBE_NAMESPACE} --insecure-skip-tls-verify=true --server=${KUBE_SERVER} --token=${KUBE_TOKEN}
fi