diff --git a/README.md b/README.md index f0fa43c..cc2908d 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,13 @@ It verifies the presence and readiness of required containers within the deploym ##### Usage: ```bash -Usage: ./checks/kube/deployment.sh [-h] [-n NAMESPACE] [-d HELM_DEPLOYMENT_NAME] [-l] [-c REQUIRED_CONTAINERS] +Usage: ./checks/kube/deployment.sh [-h] [-n NAMESPACE] [-d HELM_DEPLOYMENT_NAME] Options: -h Display this help message -n NAMESPACE Specify the namespace to use -d HELM_DEPLOYMENT_NAME Specify the name of the helm deployment (default: camunda) -l Skip checks of the helm deployment (default: 0) - -c REQUIRED_CONTAINERS Specify the list of containers to check (comma-separated, default: console connector web-modeler optimize zeebe zeebe-gateway) + -c Specify the list of containers to check (comma-separated, default: connector,optimize,zeebe,zeebe-gateway) ``` ##### Example: 
@@ -68,14 +68,17 @@ Please note that this check requires Helm to be deployed directly; using `helm t ##### Usage: ```bash -Usage: ./checks/kube/aws-irsa.sh [-h] [-n NAMESPACE] [-e EXCLUDE_COMPONENTS] [-p COMPONENTS_PG] [-l COMPONENTS_OS] [-s] +Usage: ./checks/kube/aws-irsa.sh [-h] [-n NAMESPACE] [-e EXCLUDE_COMPONENTS] [-p] [-l] [-s] Options: -h Display this help message - -n NAMESPACE Specify the namespace to use - -e EXCLUDE_COMPONENTS Comma-separated list of components to exclude from the check (reference of the component is the root key used in the chart) - -p COMPONENTS_PG Comma-separated list of components to check IRSA for PostgreSQL (overrides default list) - -l COMPONENTS_OS Comma-separated list of components to check IRSA for OpenSearch (overrides default list) - -s Disable pod spawn for IRSA and network flow verification + -n NAMESPACE Specify the namespace to use (required) + -e EXCLUDE_COMPONENTS Comma-separated list of Components to exclude from the check (reference of the component is the root key used in the chart) + -p Comma-separated list of Components to check IRSA for PostgreSQL (overrides default list: identityKeycloak,identity,webModeler) + -l Comma-separated list of Components to check IRSA for OpenSearch (overrides default list: zeebe,operate,tasklist,optimize) + -s Disable pod spawn for IRSA and connectivity verification. + By default, the script spawns jobs in the specified namespace to perform + IRSA checks and network connectivity tests. These jobs use the amazonlinux:latest + image and scan with nmap to verify connectivity. ``` ##### Example: @@ -106,7 +109,7 @@ It checks for the presence of services and ingresses that conform to the require ##### Usage: ```bash -Usage: ./checks/kube/connectivity.sh [-h] [-n NAMESPACE] [-i] +Usage: ./checks/kube/connectivity.sh [-h] [-n NAMESPACE] Options: -h Display this help message -n NAMESPACE Specify the namespace to use 
@@ -134,15 +137,16 @@ This script retrieves an access token from an authorization server using client ##### Usage: ```bash Usage: ./checks/zeebe/token.sh [-h] [-a ZEEBE_AUTHORIZATION_SERVER_URL] [-i ZEEBE_CLIENT_ID] [-s ZEEBE_CLIENT_SECRET] [-u ZEEBE_TOKEN_AUDIENCE] + [-k] [-r CACERT] [-j CLIENTCERT] Options: -h Display this help message - -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/token) + -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g., https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/token) -i ZEEBE_CLIENT_ID Specify the client ID -s ZEEBE_CLIENT_SECRET Specify the client secret -u ZEEBE_TOKEN_AUDIENCE Specify the token audience -k Skip TLS verification (insecure mode) - -r CACERT Specify the path to CA certificate file - -j CLIENTCERT Specify the path to client certificate file + -r CACERT Specify the path to the CA certificate file + -j CLIENTCERT Specify the path to the client certificate file ``` ##### Example: 
@@ -163,20 +167,22 @@ This script verifies connectivity to a Zeebe Gateway instance using HTTP/2 and g ##### Usage: ```bash -Usage: ./checks/zeebe/connectivity.sh [-h] [-H ZEEBE_HOST] +Usage: ./checks/zeebe/connectivity.sh [-h] [-H ZEEBE_HOST] [-p ZEEBE_VERSION] [-f PROTO_FILE] [-k] [-r CACERT] [-j CLIENTCERT] + [-a ZEEBE_AUTHORIZATION_SERVER_URL] [-i ZEEBE_CLIENT_ID] [-s ZEEBE_CLIENT_SECRET] + [-u ZEEBE_TOKEN_AUDIENCE] [-q API_PROTOCOL] Options: -h Display this help message -H ZEEBE_HOST Specify the Zeebe host with the port (e.g., zeebe.c8.camunda.example.com:443) - -p ZEEBE_VERSION Specify the Zeebe version (default is latest version: 8.x.x) - -f PROTO_FILE Specify the path to gateway.proto file or leave empty to download it (default behavior is to download the protofile) + -p ZEEBE_VERSION Specify the Zeebe version (default is the latest version: 8.6.5) + -f PROTO_FILE Specify the path to the gateway.proto file or leave empty to download it (default behavior is to download the proto file) -k Skip TLS verification (insecure mode) - -r CACERT Specify the path to CA certificate file - -j CLIENTCERT Specify the path to Client certificate file - -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/token) + -r CACERT Specify the path to the CA certificate file + -j CLIENTCERT Specify the path to the client certificate file + -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g., https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/token) -i ZEEBE_CLIENT_ID Specify the client ID -s ZEEBE_CLIENT_SECRET Specify the client secret -u ZEEBE_TOKEN_AUDIENCE Specify the token audience - -q API_PROTOCOL Specify the API protocol (e.g. http or grpc - default is grpc) + -q API_PROTOCOL Specify the API protocol (e.g., http or grpc - default is grpc) ``` ##### Example: 
diff --git a/checks/kube/aws-irsa.sh b/checks/kube/aws-irsa.sh index 2d037a9..53cf2da 100755 --- a/checks/kube/aws-irsa.sh +++ b/checks/kube/aws-irsa.sh @@ -9,7 +9,7 @@ DIR_NAME=$(dirname "$0") LVL_1_SCRIPT_NAME="$DIR_NAME/$SCRIPT_NAME" # Default variables -NAMESPACE="" +NAMESPACE="${NAMESPACE:-""}" SCRIPT_STATUS_OUTPUT=0 CHART_NAME="camunda-platform" SPAWN_POD=true # By default, the pod will spawn for verification @@ -21,7 +21,7 @@ COMPONENTS_TO_CHECK_IRSA_OS="zeebe,operate,tasklist,optimize" # The second list is for components that need IRSA to authenticate to PostgreSQL COMPONENTS_TO_CHECK_IRSA_PG="identityKeycloak,identity,webModeler" -EXCLUDE_COMPONENTS="" +EXCLUDE_COMPONENTS="${EXCLUDE_COMPONENTS:-""}" # Associative array for case-insensitive component mapping 
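Review bot: The new `NAMESPACE="${NAMESPACE:-""}"` and `EXCLUDE_COMPONENTS="${EXCLUDE_COMPONENTS:-""}"` defaults read generic, unprefixed variable names, so a value already exported in the operator's shell for another tool is picked up silently. That matters here because the usage text in the next hunk says the script spawns jobs in the selected namespace. The same pattern is added for `NAMESPACE` in checks/kube/connectivity.sh and checks/kube/deployment.sh, and for `CACERT`, `CLIENTCERT`, `PROTO_FILE` and `API_PROTOCOL` in the checks/zeebe scripts, where an inherited value would presumably change which CA or protocol is used. I would state the fallback in the help, e.g. `-n NAMESPACE   Specify the namespace to use (required; defaults to $NAMESPACE from the environment)`, and print the effective namespace before anything is created in it. The nested quotes are also unnecessary, since `"${NAMESPACE:-}"` is equivalent.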
@@ -41,13 +41,13 @@ REQUIRED_AWSCLI_VERSION_V1="1.27.160" # Usage message usage() { - echo "Usage: $0 [-h] [-n NAMESPACE] [-e EXCLUDE_COMPONENTS] [-p COMPONENTS_PG] [-l COMPONENTS_OS] [-s]" + echo "Usage: $0 [-h] [-n NAMESPACE] [-e EXCLUDE_COMPONENTS] [-p] [-l] [-s]" echo "Options:" echo " -h Display this help message" echo " -n NAMESPACE Specify the namespace to use (required)" echo " -e EXCLUDE_COMPONENTS Comma-separated list of Components to exclude from the check (reference of the component is the root key used in the chart)" - echo " -p COMPONENTS_PG Comma-separated list of Components to check IRSA for PostgreSQL (overrides default list: $COMPONENTS_TO_CHECK_IRSA_PG)" - echo " -l COMPONENTS_OS Comma-separated list of Components to check IRSA for OpenSearch (overrides default list: $COMPONENTS_TO_CHECK_IRSA_OS)" + echo " -p Comma-separated list of Components to check IRSA for PostgreSQL (overrides default list: $COMPONENTS_TO_CHECK_IRSA_PG)" + echo " -l Comma-separated list of Components to check IRSA for OpenSearch (overrides default list: $COMPONENTS_TO_CHECK_IRSA_OS)" echo " -s Disable pod spawn for IRSA and connectivity verification." echo " By default, the script spawns jobs in the specified namespace to perform" echo " IRSA checks and network connectivity tests. These jobs use the amazonlinux:latest" diff --git a/checks/kube/connectivity.sh b/checks/kube/connectivity.sh index 977de21..d672c75 100755 --- a/checks/kube/connectivity.sh +++ b/checks/kube/connectivity.sh @@ -8,11 +8,11 @@ DIR_NAME=$(dirname "$0") LVL_1_SCRIPT_NAME="$DIR_NAME/$SCRIPT_NAME" # Define default variables -NAMESPACE="" +NAMESPACE="${NAMESPACE:-""}" SKIP_CHECK_INGRESS_CLASS=0 usage() { - echo "Usage: $0 [-h] [-n NAMESPACE] [-d HELM_DEPLOYMENT_NAME]" + echo "Usage: $0 [-h] [-n NAMESPACE]" echo "Options:" echo " -h Display this help message" echo " -n NAMESPACE Specify the namespace to use" diff --git a/checks/kube/deployment.sh b/checks/kube/deployment.sh index 6e90c51..75928f8 100755 
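Review bot: The synopsis and option lines for `-p` and `-l` now read like boolean switches, although their descriptions say each takes a comma-separated list that overrides the default. Keeping the metavariable makes the required argument visible: `[-p COMPONENTS_PG] [-l COMPONENTS_OS]` in the synopsis and `-p COMPONENTS_PG` / `-l COMPONENTS_OS` on the option lines. The `-c` line in checks/kube/deployment.sh loses its `REQUIRED_CONTAINERS` metavariable in the same way. The option parsing is outside the hunk, so this assumes both options still consume an argument.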
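Review bot: `SKIP_CHECK_INGRESS_CLASS=0` stays among the defaults in checks/kube/connectivity.sh, but after this change neither the script's synopsis nor the README (which drops `[-i]`) mentions a way to set it. If the option parser outside this hunk still accepts `-i`, it is now undocumented everywhere; I would add it back to the usage, e.g. `echo "Usage: $0 [-h] [-n NAMESPACE] [-i]"` with a matching option line. If the option is gone, the variable is presumably dead and can be removed.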
--- a/checks/kube/deployment.sh +++ b/checks/kube/deployment.sh @@ -8,10 +8,13 @@ DIR_NAME=$(dirname "$0") LVL_1_SCRIPT_NAME="$DIR_NAME/$SCRIPT_NAME" # Define default variables -NAMESPACE="" -HELM_DEPLOYMENT_NAME="camunda" +NAMESPACE="${NAMESPACE:-""}" +HELM_DEPLOYMENT_NAME="${HELM_DEPLOYMENT_NAME:-"camunda"}" SKIP_CHECK_HELM_DEPLOYMENT=0 -REQUIRED_CONTAINERS=("connector" "optimize" "zeebe" "zeebe-gateway") + +DEFAULT_REQUIRED_CONTAINERS="connector,optimize,zeebe,zeebe-gateway" +REQUIRED_CONTAINERS=() +IFS=',' read -ra REQUIRED_CONTAINERS <<< "$DEFAULT_REQUIRED_CONTAINERS" usage() { echo "Usage: $0 [-h] [-n NAMESPACE] [-d HELM_DEPLOYMENT_NAME]" @@ -20,7 +23,7 @@ usage() { echo " -n NAMESPACE Specify the namespace to use" echo " -d HELM_DEPLOYMENT_NAME Specify the name of the helm deployment (default: $HELM_DEPLOYMENT_NAME)" echo " -l Skip checks of the helm deployment (default: $SKIP_CHECK_HELM_DEPLOYMENT)" - echo " -c REQUIRED_CONTAINERS Specify the list of containers to check (comma-separated, default: ${REQUIRED_CONTAINERS[*]})" + echo " -c Specify the list of containers to check (comma-separated, default: ${DEFAULT_REQUIRED_CONTAINERS})" exit 1 } diff --git a/checks/zeebe/connectivity.sh b/checks/zeebe/connectivity.sh index 8478901..1900d7e 100755 --- a/checks/zeebe/connectivity.sh +++ b/checks/zeebe/connectivity.sh 
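Review bot: The help line `(default: $HELM_DEPLOYMENT_NAME)` now prints whatever the environment supplied rather than the built-in default, because the variable is initialised from `${HELM_DEPLOYMENT_NAME:-"camunda"}` before `usage` is called. The container list avoids this by keeping `DEFAULT_REQUIRED_CONTAINERS` separate; the same split would work here, e.g. `DEFAULT_HELM_DEPLOYMENT_NAME="camunda"` and `(default: $DEFAULT_HELM_DEPLOYMENT_NAME)`. checks/zeebe/connectivity.sh has the same issue: it introduces `ZEEBE_DEFAULT_VERSION`, but its usage still prints `$ZEEBE_VERSION` as "the latest version".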
@@ -8,42 +8,44 @@ DIR_NAME=$(dirname "$0") LVL_1_SCRIPT_NAME="$DIR_NAME/$SCRIPT_NAME" # Define default variables -ZEEBE_HOST="" -PROTO_FILE="" +ZEEBE_HOST="${ZEEBE_HOST:-""}" +PROTO_FILE="${PROTO_FILE:-""}" SKIP_TLS_VERIFICATION="" EXTRA_FLAGS_CURL="" EXTRA_FLAGS_GRPCURL="" EXTRA_FLAGS_ZBCTL="" EXTRA_FLAGS_TOKEN="" -CACERT="" -CLIENTCERT="" -ZEEBE_AUTHORIZATION_SERVER_URL="" -ZEEBE_CLIENT_ID="" -ZEEBE_CLIENT_SECRET="" -ZEEBE_TOKEN_AUDIENCE="" -ZEEBE_TOKEN_SCOPE="camunda-identity" -API_PROTOCOL="grpc" +CACERT="${CACERT:-""}" +CLIENTCERT="${CLIENTCERT:-""}" +ZEEBE_AUTHORIZATION_SERVER_URL="${ZEEBE_AUTHORIZATION_SERVER_URL:-""}" +ZEEBE_CLIENT_ID="${ZEEBE_CLIENT_ID:-""}" +ZEEBE_CLIENT_SECRET="${ZEEBE_CLIENT_SECRET:-""}" +ZEEBE_TOKEN_AUDIENCE="${ZEEBE_TOKEN_AUDIENCE:-""}" +ZEEBE_TOKEN_SCOPE="${ZEEBE_TOKEN_SCOPE:-"camunda-identity"}" +API_PROTOCOL="${API_PROTOCOL:-"grpc"}" # renovate: datasource=github-releases depName=camunda/zeebe -ZEEBE_VERSION="8.6.5" +ZEEBE_DEFAULT_VERSION="8.6.5" +ZEEBE_VERSION="${ZEEBE_VERSION:-$ZEEBE_DEFAULT_VERSION}" # Function to display script usage usage() { - echo "Usage: $0 [-h] [-H ZEEBE_HOST]" + echo "Usage: $0 [-h] [-H ZEEBE_HOST] [-p ZEEBE_VERSION] [-f PROTO_FILE] [-k] [-r CACERT] [-j CLIENTCERT]" + echo " [-a ZEEBE_AUTHORIZATION_SERVER_URL] [-i ZEEBE_CLIENT_ID] [-s ZEEBE_CLIENT_SECRET]" + echo " [-u ZEEBE_TOKEN_AUDIENCE] [-q API_PROTOCOL]" echo "Options:" echo " -h Display this help message" echo " -H ZEEBE_HOST Specify the Zeebe host with the port (e.g., zeebe.c8.camunda.example.com:443)" - echo " -p ZEEBE_VERSION Specify the Zeebe version (default is latest version: $ZEEBE_VERSION)" - echo " -f PROTO_FILE Specify the path to gateway.proto file or leave empty to download it (default behavior is to download the protofile)" + echo " -p ZEEBE_VERSION Specify the Zeebe version (default is the latest version: $ZEEBE_VERSION)" + echo " -f PROTO_FILE Specify the path to the gateway.proto file or leave empty to download it (default behavior 
is to download the proto file)" echo " -k Skip TLS verification (insecure mode)" - echo " -r CACERT Specify the path to CA certificate file" - echo " -j CLIENTCERT Specify the path to Client certificate file" - echo " -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/t -oken)" + echo " -r CACERT Specify the path to the CA certificate file" + echo " -j CLIENTCERT Specify the path to the client certificate file" + echo " -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g., https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/token)" echo " -i ZEEBE_CLIENT_ID Specify the client ID" echo " -s ZEEBE_CLIENT_SECRET Specify the client secret" echo " -u ZEEBE_TOKEN_AUDIENCE Specify the token audience" - echo " -q API_PROTOCOL Specify the API protocol (e.g. http or grpc - default is grpc)" + echo " -q API_PROTOCOL Specify the API protocol (e.g., http or grpc - default is grpc)" exit 1 } diff --git a/checks/zeebe/token.sh b/checks/zeebe/token.sh index e4cdc82..ccd4f98 100755 --- a/checks/zeebe/token.sh +++ b/checks/zeebe/token.sh 
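Review bot: `ZEEBE_CLIENT_SECRET` can now be supplied through the environment, but the help still documents only `-s ZEEBE_CLIENT_SECRET`, which puts the secret in the process argument list and, typically, in shell history. I would point users at the environment variable in the option text, e.g. `-s ZEEBE_CLIENT_SECRET   Specify the client secret (prefer exporting ZEEBE_CLIENT_SECRET so it stays off the command line)`. The same applies to the usage in checks/zeebe/token.sh. How the secret is later handed to curl or grpcurl is outside this hunk and worth checking for the same exposure.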
@@ -8,28 +8,28 @@ DIR_NAME=$(dirname "$0") LVL_1_SCRIPT_NAME="$DIR_NAME/$SCRIPT_NAME" # Define default variables -ZEEBE_AUTHORIZATION_SERVER_URL="" -ZEEBE_CLIENT_ID="" -ZEEBE_CLIENT_SECRET="" -ZEEBE_TOKEN_AUDIENCE="" +ZEEBE_AUTHORIZATION_SERVER_URL="${ZEEBE_AUTHORIZATION_SERVER_URL:-""}" +ZEEBE_CLIENT_ID="${ZEEBE_CLIENT_ID:-""}" +ZEEBE_CLIENT_SECRET="${ZEEBE_CLIENT_SECRET:-""}" +ZEEBE_TOKEN_AUDIENCE="${ZEEBE_TOKEN_AUDIENCE:-""}" SKIP_TLS_VERIFICATION="" -CACERT="" -CLIENTCERT="" +CACERT="${CACERT:-""}" +CLIENTCERT="${CLIENTCERT:-""}" EXTRA_FLAGS_CURL="" # Function to display script usage usage() { - echo "Usage: $0 [-h] [-a AUTH_SERVER_URL] [-i CLIENT_ID] [-s CLIENT_SECRET] [-u TOKEN_AUDIENCE]" + echo "Usage: $0 [-h] [-a ZEEBE_AUTHORIZATION_SERVER_URL] [-i ZEEBE_CLIENT_ID] [-s ZEEBE_CLIENT_SECRET] [-u ZEEBE_TOKEN_AUDIENCE]" + echo " [-k] [-r CACERT] [-j CLIENTCERT]" echo "Options:" echo " -h Display this help message" - echo " -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/t -oken)" + echo " -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g., https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/token)" echo " -i ZEEBE_CLIENT_ID Specify the client ID" echo " -s ZEEBE_CLIENT_SECRET Specify the client secret" echo " -u ZEEBE_TOKEN_AUDIENCE Specify the token audience" echo " -k Skip TLS verification (insecure mode)" - echo " -r CACERT Specify the path to CA certificate file" - echo " -j CLIENTCERT Specify the path to client certificate file" + echo " -r CACERT Specify the path to the CA certificate file" + echo " -j CLIENTCERT Specify the path to the client certificate file" exit 1 }