authorThong Kuah <tkuah@gitlab.com>2018-12-12 13:18:50 +1300
committerThong Kuah <tkuah@gitlab.com>2019-01-04 10:26:38 +1300
commit4b92b5500b8d9cdbaa6e612b8f9a061624266cc4 (patch)
tree6c5a4df38f8ac32712b0fcd9bc44f504abaf02b5
parenta4833f6fe0b725a4ee312367a311ec075352fba2 (diff)
downloadgitlab-ce-4b92b5500b8d9cdbaa6e612b8f9a061624266cc4.tar.gz
Create K8S_SECRET_* CI variables as a K8s Secret
Find any CI variables from `env` which have a prefix. If there are any such CI variables, strip the prefix from the variable name, then create a generic Kubernetes secret containing all these CI variables as key-value pairs. Also, pass in secretname to the application container. The secretname may be present; if nil, the chart does nothing. If present, the chart will load the key-value pairs from the secret into the application container. See https://gitlab.com/charts/auto-deploy-app/blob/master/README.md#configuration
-rw-r--r--changelogs/unreleased/49056-configure-auto-devops-deployed-applications-with-secrets-that-aren-t-committed-to-the-repo.yml5
-rw-r--r--lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml28
2 files changed, 33 insertions, 0 deletions
diff --git a/changelogs/unreleased/49056-configure-auto-devops-deployed-applications-with-secrets-that-aren-t-committed-to-the-repo.yml b/changelogs/unreleased/49056-configure-auto-devops-deployed-applications-with-secrets-that-aren-t-committed-to-the-repo.yml
new file mode 100644
index 00000000000..65efa85176b
--- /dev/null
+++ b/changelogs/unreleased/49056-configure-auto-devops-deployed-applications-with-secrets-that-aren-t-committed-to-the-repo.yml
@@ -0,0 +1,5 @@
+---
+title: Configure Auto DevOps deployed applications with secrets from prefixed CI variables
+merge_request: 23719
+author:
+type: added
diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
index a9e361b0b32..1b55a6b12cd 100644
--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -595,6 +595,15 @@ rollout 100%:
fi
}
+ # Finds any variables prefixed with `K8S_SECRET_`, and exports them as the
+ # global $K8S_VARIABLES with prefix removed.
+ function extract_prefixed_variables() {
+ prefix="K8S_SECRET_"
+ k8s_variables=$(env | (grep "^${prefix}" || [[ $? == 1 ]]) | sed "s/^${prefix}//")
+
+ export K8S_VARIABLES=$k8s_variables
+ }
+
function deploy() {
track="${1-stable}"
percentage="${2:-100}"
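Review bot: `env | grep "^${prefix}"` in extract_prefixed_variables reads the environment line by line, so a `K8S_SECRET_*` value containing a newline is cut to its first line. The remainder is dropped or, if a later line happens to start with the prefix, treated as another variable. Iterating over the variable names with `${!K8S_SECRET_@}` and reading each value with `${!name}` would avoid parsing `env` output. `prefix` and `k8s_variables` are also assigned without `local`, so they leak into the caller's scope; `local prefix="K8S_SECRET_"` and `local k8s_variables` would contain them. If the parsing stays as it is, the function comment should say so, e.g. `# NOTE: values containing newlines are not supported`.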
@@ -620,6 +629,23 @@ rollout 100%:
secret_name=''
fi
+ extract_prefixed_variables
+ if [[ -n "$K8S_VARIABLES" ]]; then
+ echo "Prefixed CI variables found, creating secret..."
+ application_secret_name="${name}-secret"
+ fromLiteralArgs=""
+
+ for k8s_variable in ${K8S_VARIABLES}; do
+ fromLiteralArgs="${fromLiteralArgs:+${fromLiteralArgs} }--from-literal=${k8s_variable}"
+ done
+
+ # We want fromLiteralArgs to be interpreted as args, so don't quote it!
+ kubectl create secret -n "$KUBE_NAMESPACE" \
+ generic "$application_secret_name" \
+ ${fromLiteralArgs} \
+ -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
+ fi
+
if [[ -n "$DB_INITIALIZE" && -z "$(helm ls -q "^$name$")" ]]; then
echo "Deploying first release with database initialization..."
helm upgrade --install \
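Review bot: The unquoted `for k8s_variable in ${K8S_VARIABLES}` loop and the unquoted `${fromLiteralArgs}` split secret values on whitespace and glob-expand them, so a value such as `a b` or one containing `*` yields wrong or extra `--from-literal` arguments. Collecting the arguments in a bash array, as below, and replacing `${fromLiteralArgs} \` with `"${from_literal_args[@]}" \` keeps each `NAME=value` pair as one argument. The values also travel on kubectl's argv, where they are visible in the process list and in any `set -x` trace, so passing them through a file or stdin is worth considering. deploy's body begins and ends outside this hunk.

```shell
# … unchanged: extract_prefixed_variables call, application_secret_name …
from_literal_args=()
while IFS= read -r k8s_variable; do
  from_literal_args+=("--from-literal=${k8s_variable}")
done <<< "$K8S_VARIABLES"
# … unchanged: kubectl create secret … | kubectl replace … (with the array expansion) …
```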
@@ -632,6 +658,7 @@ rollout 100%:
--set image.secrets[0].name="$secret_name" \
--set application.track="$track" \
--set application.database_url="$DATABASE_URL" \
+ --set application.secretName="$application_secret_name" \
--set service.url="$CI_ENVIRONMENT_URL" \
--set replicaCount="$replicas" \
--set postgresql.enabled="$postgres_enabled" \
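Review bot: `$application_secret_name` on the added `--set application.secretName=` line is assigned only inside the `if [[ -n "$K8S_VARIABLES" ]]` branch added earlier in deploy, so on a run with no prefixed variables it holds whatever the shell already has (normally empty). Initialising it before that branch with `application_secret_name=''`, as the context does for `secret_name`, would make the empty case explicit. This relies on the chart treating an empty secretName like an unset one, which is not visible here. The same applies to the identical line in the hunk at `@@ -664,6 +691,7 @@`. The helm command starts and ends outside both hunks.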
@@ -664,6 +691,7 @@ rollout 100%:
--set image.secrets[0].name="$secret_name" \
--set application.track="$track" \
--set application.database_url="$DATABASE_URL" \
+ --set application.secretName="$application_secret_name" \
--set service.url="$CI_ENVIRONMENT_URL" \
--set replicaCount="$replicas" \
--set postgresql.enabled="$postgres_enabled" \