|
| 1 | +#!/usr/bin/env bash |
| 2 | + |
| 3 | +# Prerequisites |
| 4 | +# * https://github.com/ko-build/ko/releases/tag/v0.16.0 |
| 5 | + |
| 6 | +set -o nounset |
| 7 | +set -o errexit |
| 8 | +set -o pipefail |
| 9 | +set -o xtrace |
| 10 | + |
| 11 | +: ${VEN_API_KEY?} |
| 12 | +: ${VEN_OWNING_TEAM?} |
| 13 | + |
| 14 | +script_dir=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd) |
| 15 | +root_dir=$(cd "${script_dir}/.." && pwd) |
| 16 | + |
| 17 | +cd "${script_dir}" |
| 18 | + |
| 19 | +export VERSION=0.1.49 |
| 20 | +export TERM=dumb |
| 21 | +OCI_BASE=ttl.sh/63773370-0bcf-4ac0-bd42-5515616089ff |
| 22 | +export KO_DOCKER_REPO=$OCI_BASE/images/venafi-agent |
| 23 | + |
| 24 | +ko build . --bare --tags "v${VERSION}" |
| 25 | +helm package deploy/charts/venafi-kubernetes-agent --version "${VERSION}" |
| 26 | +helm push venafi-kubernetes-agent-${VERSION}.tgz "oci://${OCI_BASE}/charts" |
| 27 | + |
| 28 | +kind create cluster || true |
| 29 | + |
| 30 | +kubectl create ns venafi || true |
| 31 | + |
| 32 | +# Pull secret for Venafi OCI registry |
| 33 | +if ! kubectl get secret venafi-image-pull-secret -n venafi; then |
| 34 | + venctl iam service-accounts registry create \ |
| 35 | + --no-prompts \ |
| 36 | + --owning-team "${VEN_OWNING_TEAM}" \ |
| 37 | + --name "venafi-kubernetes-agent-e2e-registry-${RANDOM}" \ |
| 38 | + --scopes enterprise-cert-manager,enterprise-venafi-issuer,enterprise-approver-policy \ |
| 39 | + | jq '{ |
| 40 | + "apiVersion": "v1", |
| 41 | + "kind": "Secret", |
| 42 | + "metadata": { |
| 43 | + "name": "venafi-image-pull-secret" |
| 44 | + }, |
| 45 | + "type": "kubernetes.io/dockerconfigjson", |
| 46 | + "stringData": { |
| 47 | + ".dockerconfigjson": { |
| 48 | + "auths": { |
| 49 | + "\(.oci_registry)": { |
| 50 | + "username": .username, |
| 51 | + "password": .password |
| 52 | + } |
| 53 | + } |
| 54 | + } | tostring |
| 55 | + } |
| 56 | + }' \ |
| 57 | + | kubectl create -n venafi -f - |
| 58 | +fi |
| 59 | + |
| 60 | +# Service account credentials for venafi-kubernetes-agent |
| 61 | +if ! kubectl get secret agent-credentials -n venafi; then |
| 62 | + venctl iam service-account agent create \ |
| 63 | + --no-prompts \ |
| 64 | + --owning-team "${VEN_OWNING_TEAM}" \ |
| 65 | + --name "venafi-kubernetes-agent-e2e-agent-${RANDOM}" \ |
| 66 | + | jq '{ |
| 67 | + "apiVersion": "v1", |
| 68 | + "kind": "Secret", |
| 69 | + "metadata": { |
| 70 | + "name": "agent-credentials" |
| 71 | + }, |
| 72 | + "stringData": { |
| 73 | + "privatekey.pem": .private_key, |
| 74 | + "client-id": .client_id |
| 75 | + } |
| 76 | + }' \ |
| 77 | + | kubectl create -n venafi -f - |
| 78 | +fi |
| 79 | + |
| 80 | +# export VENAFI_KUBERNETES_AGENT_CLIENT_ID=$(kubectl get secret -n venafi agent-credentials -o jsonpath='{.data.client-id}' | base64 -d) |
| 81 | +export VENAFI_KUBERNETES_AGENT_CLIENT_ID="" |
| 82 | +venctl components kubernetes apply \ |
| 83 | + --venafi-kubernetes-agent \ |
| 84 | + --venafi-kubernetes-agent-version "$VERSION" \ |
| 85 | + --venafi-kubernetes-agent-values-files "${script_dir}/values.venafi-kubernetes-agent.yaml" \ |
| 86 | + --venafi-kubernetes-agent-custom-image-registry "${OCI_BASE}/images" \ |
| 87 | + --venafi-kubernetes-agent-custom-chart-repository "oci://${OCI_BASE}/charts" |
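Review bot: `set -o xtrace` on line 9 is already active when `: ${VEN_API_KEY?}` runs on line 11, so the trace writes the expanded API key to stderr and into any CI log that captures it. Move both checks above the xtrace line and quote them, `: "${VEN_API_KEY:?}"` and `: "${VEN_OWNING_TEAM:?}"`; the `:?` form also rejects an empty value, and the quotes stop word splitting and globbing of the value. Separately, `OCI_BASE` on line 21 is a fixed, committed path on ttl.sh, which as far as I know accepts anonymous pushes, so the image and chart installed at the end come from a location that anyone who has read this file can overwrite, into a cluster that holds the `agent-credentials` private key. A name generated per run would narrow that, and pinning to the digest that `ko build` prints instead of the `v${VERSION}` tag would be stronger if the install step can take one.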