🔨 Wrap OPA prerequisite resources creation in a bash script, resultin…

…g in cleaner synchronous installs (for both users and CI)
ndebuhr · Jul 12, 2021 · ee798bd · ee798bd
1 parent 930cfef
commit ee798bd
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 5 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -44,10 +44,8 @@ jobs:
 
     - name: Install cluster-level workstation prerequisites
       run: |
-        kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/release-3.5/deploy/gatekeeper.yaml
+        ./opa/gatekeeper.sh
         kubectl apply -f kubernetes/node-max-map-count.yaml
-        kubectl apply -f kubernetes/constraint-templates.yaml
-        sleep 60
 
     - name: Deploy to GKE
       working-directory: ./helm

diff --git a/README.md b/README.md
@@ -199,8 +199,7 @@ The `certbot.email` should be configured if you are using the Certbot option for
 
 Open Policy Agent is used for policy-based workstation controls and security.  Install with:
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/release-3.5/deploy/gatekeeper.yaml
-kubectl apply -f kubernetes/constraint-templates.yaml
+./opa/gatekeeper.sh
 ```
 
 ### Update `vm.max_map_count` (Optional)

diff --git a/opa/gatekeeper.sh b/opa/gatekeeper.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/release-3.5/deploy/gatekeeper.yaml
+kubectl apply -f kubernetes/constraint-templates.yaml
+
+count=0
+echo "Constraint Template CRDs: Creating..."
+# Wait up to (approximately) three minutes for CRD registration
+while [ $count -le 180 ]
+do
+    kubectl get requiredlabels 2> /dev/null
+    requiredlabels=$?
+    kubectl get deploymentselector 2> /dev/null
+    deploymentselector=$?
+    # Exit code 0 means there were no resources found (desired behavior)
+    # Before CRD registration, the exit code for the get commands is 1
+    if [ $requiredlabels -ne 0 ] || [ $deploymentselector -ne 0 ]
+    then
+        echo "Constraint Template CRDs: Still creating..."
+        sleep 5
+        count=$(( count+5 ))
+    else
+        echo "Constraint Template CRDs: Creation complete"
+        exit 0
+    fi
+done
+echo "Constraint Template CRDs: Failed"
+# On failure, display stderr
+kubectl get requiredlabels
+kubectl get deploymentselector
+exit 3