#!/usr/bin/env bash
# Defaults, colour codes, failure reporting and option names for the
# build-and-deploy flow that follows.
set -e

# Tooling version; the CAS version follows it unless set separately.
: "${VERSION:=5.8.0}"
export VERSION
: "${CAS_VERSION:=$VERSION}"
export CAS_VERSION

# ANSI colour escapes, interpreted later by `echo -e`.
export RED='\e[31m' BLUE='\e[34m' ORANGE='\e[33m'
export NC='\e[0m' # No Color

# release.sh is optional and is executed as shell code from the current
# working directory. APP_NAMESPACE is cleared first, so a value inherited from
# the environment is dropped and only release.sh can provide one. Errors
# printed while sourcing it (including syntax errors) are hidden by the
# redirect and ignored by `|| true`.
APP_NAMESPACE=""
source release.sh 2> /dev/null || true # get release name

# Assigned after release.sh was read, so release.sh cannot change it.
DEFAULT_NAMESPACE="" # Default Kubernetes namespace to use
export APP_IMAGE_REPO="${APP_IMAGE_REPO:-}" # Must be defined!
export SCONECTL_REPO="${SCONECTL_REPO:-registry.scontain.com/sconectl}"
export UPLOAD_MODE="${UPLOAD_MODE:-EncryptedManifest}"

# print an error message on an error exit
# The DEBUG trap remembers the command that ran before the current one, so the
# EXIT trap can name the command that failed.
trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG
trap 'if [ $? -ne 0 ]; then echo -e "${RED}\"${last_command}\" command failed - exiting.${NC}"; fi' EXIT

# Option spellings, kept in variables so the usage text and the parser agree.
help_flag="--help"
ns_flag="--namespace" ns_short_flag="-n"
repo_flag="--image-repo" repo_short_flag="-i"
release_flag="--release" release_short_flag="-r"
verbose_flag="-v"
debug_flag="--debug" debug_short_flag="-d"
cas_flag="--cas"
cas_namespace_flag="--cas-namespace"

# Extra arguments handed to sconectl; empty means "not requested".
verbose=""
debug=""

# Working values that the command line may replace.
ns="$DEFAULT_NAMESPACE"
repo="$APP_IMAGE_REPO"
: "${RELEASE:=pythonapp}"
release="$RELEASE"
export CAS="${CAS:-cas}"
export CAS_NAMESPACE="${CAS_NAMESPACE:-scone-system}"
#######################################
# Print an error message in red and terminate the script with status 1.
# Globals:   RED, NC (read)
# Arguments: $1 - message to print
# Outputs:   the coloured message on stdout
#######################################
error_exit() {
  local message=$1
  # Clear the EXIT trap so no second "command failed" line follows.
  trap '' EXIT
  echo -e "${RED}${message}${NC}"
  exit 1
}
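#######################################
# Print the command-line help.
# Globals:   the *_flag option names, DEFAULT_NAMESPACE, RELEASE,
#            APP_IMAGE_REPO, CAS, CAS_NAMESPACE, VERSION, CAS_VERSION,
#            SCONECTL_REPO (all read)
# Outputs:   the help text on stdout
# Returns:   0
#######################################
usage() {
  # The synopsis lists every option the parser accepts, including the debug
  # and CAS options.
  local synopsis
  synopsis=" run.sh [$ns_flag <kubernetes-namespace>] [$repo_flag <image repo>]"
  synopsis+=" [$release_flag <release name>] [$cas_flag <cas name>]"
  synopsis+=" [$cas_namespace_flag <cas namespace>] [$debug_flag] [$verbose_flag] [$help_flag]"

  printf '%s\n' \
    "" \
    "Usage:" \
    "$synopsis" \
    "" \
    "" \
    "Builds the application described in service.yaml.template and mesh.yaml.template and deploys" \
    "it into your kubernetes cluster." \
    "" \
    "Options:" \
    " $ns_short_flag | $ns_flag" \
    " The Kubernetes namespace in which the application should be deployed on the cluster." \
    " Default value: \"$DEFAULT_NAMESPACE\"" \
    " $release_short_flag | $release_flag" \
    " The helm release name of the application. " \
    " Default value defined in file 'release.sh': RELEASE=\"$RELEASE\"" \
    " $repo_short_flag | $repo_flag" \
    " Container image repository to use for pushing the generated confidential image" \
    " Default value is defined by environment variable:" \
    " export APP_IMAGE_REPO=\"$APP_IMAGE_REPO\"" \
    " $verbose_flag" \
    " Enable verbose output" \
    " $debug_flag | $debug_short_flag" \
    " Create debug image instead of a production image" \
    " $cas_flag" \
    " Set the name of the CAS service that we should use. Default is $CAS" \
    " $cas_namespace_flag" \
    " Set the namespace of the CAS service that we should use. Default is $CAS_NAMESPACE" \
    " $help_flag" \
    " Output this usage information and exit." \
    "" \
    "By default this uses the latest release of the SCONE Elements images: By setting environment variable" \
    " export VERSION=\"<VERSION>\"" \
    "you can select a different version. Currently selected version is $VERSION." \
    "To use image from a different repository (e.g., a local cache), set " \
    " export SCONECTL_REPO (=\"$SCONECTL_REPO\")" \
    "to the repo you want to use instead. Currently selected repo is $SCONECTL_REPO." \
    "By default this uses the latest release of the CAS: By setting environment variable" \
    " export CAS_VERSION=\"<CAS_VERSION>\"" \
    "you can select a different version. Currently selected version is $CAS_VERSION."
}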
##### Parsing arguments

# Print the usage text and abort when an option was given without a value.
#   $1 - what the value names (used in the error message)
#   $2 - the value taken from the command line
_reject_empty_value() {
  local what=$1 value=$2
  if [[ -z "${value}" ]]; then
    usage
    error_exit "Error: The ${what} '${value}' is invalid."
  fi
}

# Each value is stored before it is checked, so the usage text printed on
# failure reflects the assignment (CAS and CAS_NAMESPACE appear in it).
# A non-empty value implies two remaining arguments, hence `shift 2`.
while (( $# > 0 )); do
  case "$1" in
    "${ns_flag}" | "${ns_short_flag}")
      ns="$2"
      _reject_empty_value "namespace" "${ns}"
      shift 2 # past argument and value
      ;;
    "${repo_flag}" | "${repo_short_flag}")
      repo="$2"
      _reject_empty_value "repo name" "${repo}"
      shift 2 # past argument and value
      ;;
    "${release_flag}" | "${release_short_flag}")
      release="$2"
      _reject_empty_value "release name" "${release}"
      shift 2 # past argument and value
      ;;
    "${verbose_flag}")
      verbose="-vvvvvvvv"
      shift # past argument
      ;;
    "${debug_flag}" | "${debug_short_flag}")
      debug="--mode=debug"
      shift # past argument
      ;;
    "${cas_flag}")
      export CAS="$2"
      _reject_empty_value "cas name" "${CAS}"
      shift 2 # past argument and value
      ;;
    "${cas_namespace_flag}")
      export CAS_NAMESPACE="$2"
      _reject_empty_value "cas namespace" "${CAS_NAMESPACE}"
      shift 2 # past argument and value
      ;;
    "${help_flag}")
      usage
      exit 0
      ;;
    *)
      usage
      error_exit "Error: Unknown parameter passed: $1"
      ;;
  esac
done
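# namespace_arg is the single-string form of the namespace option used further
# down; it stays empty when no namespace was given.
if [[ -z "${ns}" ]]; then
  namespace_arg=""
else
  namespace_arg="${ns_flag} ${ns} "
fi

# repo starts out as APP_IMAGE_REPO and is replaced by --image-repo, so it is
# empty only when neither source provided a repository.
if [[ -z "${repo}" ]]; then
  usage
  error_exit "Error: You must specify a repo."
fi
# Export the parsed value so that --image-repo overrides the environment
# default, as the usage text describes. The previous ${APP_IMAGE_REPO:-$repo}
# kept the environment value and silently ignored the flag.
export APP_IMAGE_REPO="${repo}"

export RELEASE="$release"
# Validate the release name before it is used to derive and persist a namespace.
if [[ -z "${RELEASE}" ]]; then
  usage
  error_exit "Error: You must specify a release using ${release_flag}."
fi

if [[ -z "$APP_NAMESPACE" ]]; then
  # $RANDOM is predictable and gives 15 bits per draw: enough to make the name
  # unlikely to collide, not a secret.
  export APP_NAMESPACE="$RELEASE-$RANDOM-$RANDOM"
  # Persist the value that was just exported. Expanding $RANDOM a second time
  # stored a different name than the one used by this run. release.sh is
  # sourced on the next run, so %q quotes the value and a release name holding
  # shell metacharacters is stored as data instead of being executed.
  printf 'export APP_NAMESPACE=%q\n\n' "$APP_NAMESPACE" >> release.sh
else
  echo "CAS Namespace already defined: $APP_NAMESPACE"
fi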
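# Check to make sure all prerequisites are installed
./check_prerequisites.sh

# Namespace option as separate words, so a value containing whitespace or glob
# characters reaches helm and kubectl as one argument.
ns_args=()
if [[ -n "${ns}" ]]; then
  ns_args=("${ns_flag}" "${ns}")
fi

# Optional sconectl arguments; empty settings are left out entirely.
sconectl_opts=()
if [[ -n "${verbose}" ]]; then
  sconectl_opts+=("${verbose}")
fi
if [[ -n "${debug}" ]]; then
  sconectl_opts+=("${debug}")
fi

sconecli_image="${SCONECTL_REPO}/sconecli:${VERSION}"
echo -e "${BLUE}Checking that we have access to the base container image${NC}"
echo -e "${BLUE}If the image is not yet available locally, it will be pulled. This might take some time.${NC}"
if ! docker inspect "${sconecli_image}" > /dev/null 2>&1 \
  && ! docker pull "${sconecli_image}" > /dev/null 2>&1; then
  echo -e "${RED}You must get access to image \"${SCONECTL_REPO}/sconecli:${VERSION}\".${NC}"
  # NOTE(review): the contact address below is masked on the page this listing
  # was taken from; restore the real address in the file.
  error_exit "Please send email [email protected] to ask for access"
fi

# echo -e "${BLUE}let's ensure that we build everything from scratch${NC}"
# rm -rf target || echo -e "${ORANGE} Failed to delete target directory - ignoring this! ${NC}"

echo -e "${BLUE}build service image:${NC} apply -f service.yaml"
echo -e "${BLUE} - if the push fails, add --no-push to avoid pushing the image, or${NC}"
echo -e "${BLUE} change in file '${ORANGE}service.yaml${BLUE}' field '${ORANGE}build.to${BLUE}' to a container repo to which you have permission to push.${NC}"
# SCONE is set to the literal text $SCONE so that this reference survives
# substitution. envsubst has no variable list here, so every other exported
# variable referenced in the template is written into the rendered file.
SCONE="\$SCONE" envsubst < service.yaml.template > service.yaml
sconectl apply -f service.yaml "${sconectl_opts[@]}" --set-version "${VERSION}"

echo -e "${BLUE}Determine the keys of CAS instance '$CAS' in namespace '$CAS_NAMESPACE'"
# Capture the plugin output first: an `|| exit 1` inside a process substitution
# only ends that subshell, so a failed key lookup used to go unnoticed and the
# script carried on.
cas_key_exports=$(VERSION="$CAS_VERSION" kubectl provision cas "$CAS" -n "$CAS_NAMESPACE" --print-public-keys) \
  || error_exit "Error: Could not determine the public keys of CAS '$CAS' in namespace '$CAS_NAMESPACE'."
# NOTE(review): whatever the plugin printed is executed as shell code here, so
# it is only as trustworthy as the installed kubectl plugin and the cluster
# the current kube context points at.
source <(printf '%s\n' "${cas_key_exports}")

echo -e "${BLUE}build application and pushing policies:${NC} apply -f mesh.yaml"
echo -e "${BLUE} - this fails, if you do not have access to the SCONE CAS namespace"
echo -e " - update the namespace '${ORANGE}policy.namespace${NC}' to a unique name in '${ORANGE}mesh.yaml${NC}'"
export CAS_URL="${CAS}.${CAS_NAMESPACE}"
SCONE="\$SCONE" envsubst < mesh.yaml.template > mesh.yaml
sconectl apply -f mesh.yaml --release "$RELEASE" "${sconectl_opts[@]}" --set-version "${VERSION}"

echo -e "${BLUE}install/upgrade application:${NC} helm install ${namespace_arg} ${RELEASE} target/helm/"
helm upgrade --install "${ns_args[@]}" "${RELEASE}" target/helm/

# The pod name only feeds the hint printed below, so a lookup that matches
# nothing yet must not abort the script. -F matches the release name literally.
pod_name=$(kubectl get pods "${ns_args[@]}" -o name | grep -wF -- "${RELEASE}" || true)
echo -e "${BLUE}Check the logs by executing:${NC} kubectl logs ${pod_name} ${namespace_arg}"
echo -e "${BLUE}Uninstall by executing:${NC} helm uninstall ${RELEASE} ${namespace_arg}"

# check_pods uses environment variables ns, RELEASE, and APP_NAME
# - ns and RELEASE are already set (but ns is not exported)
ns="${ns}" APP_NAME="pythonservice" ./check_pods.sh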