diff options
-rw-r--r-- | lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml | 67 |
1 files changed, 42 insertions, 25 deletions
diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml index 1b55a6b12cd..4623636144a 100644 --- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @@ -595,13 +595,44 @@ rollout 100%: fi } - # Finds any variables prefixed with `K8S_SECRET_`, and exports them as the - # global $K8S_VARIABLES with prefix removed. - function extract_prefixed_variables() { - prefix="K8S_SECRET_" - k8s_variables=$(env | (grep "^${prefix}" || [[ $? == 1 ]]) | sed "s/^${prefix}//") - - export K8S_VARIABLES=$k8s_variables + # Extracts variables prefixed with K8S_SECRET_ + # and creates a Kubernetes secret. + # + # e.g. if we have the following vars + # K8S_SECRET_A=value1 + # K8S_SECRET_B=multi\ word\ value + # + # Then we get: + # --from-literal K8S_SECRET_A=value1 --from-literal 'K8S_SECRET_B=multi word value' + # + # NOTE: We set IFS as we need to split by newline so that we can loop through + # multi word variables correctly. + function create_application_secret() { + bash -c ' + function extract_prefixed_variables() { + prefix="K8S_SECRET_" + k8s_variables=$(env | (grep "^${prefix}" || [[ $? == 1 ]])) + + export K8S_VARIABLES=$k8s_variables + } + + function create_secret() { + local IFS=$(echo -en "\n\b") + for k8s_variable in $K8S_VARIABLES; do + param="${k8s_variable#K8S_SECRET_}" + + fromLiteralArgs+=("--from-literal") + fromLiteralArgs+=("${param}") + done + + kubectl create secret \ + -n "$KUBE_NAMESPACE" generic "$APPLICATION_SECRET_NAME" ${fromLiteralArgs[@]} -o yaml \ + --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f - + } + + extract_prefixed_variables + create_secret + ' } function deploy() { @@ -629,22 +660,8 @@ rollout 100%: secret_name='' fi - extract_prefixed_variables - if [[ -n "$K8S_VARIABLES" ]]; then - echo "Prefixed CI variables found, creating secret..." - application_secret_name="${name}-secret" - fromLiteralArgs="" - - for k8s_variable in ${K8S_VARIABLES}; do - fromLiteralArgs="${fromLiteralArgs:+${fromLiteralArgs} }--from-literal=${k8s_variable}" - done - - # We want fromLiteralArgs to be interpreted as args, so don't quote it! - kubectl create secret -n "$KUBE_NAMESPACE" \ - generic "$application_secret_name" \ - ${fromLiteralArgs} \ - -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f - - fi + export APPLICATION_SECRET_NAME="${name}-secret" + create_application_secret if [[ -n "$DB_INITIALIZE" && -z "$(helm ls -q "^$name$")" ]]; then echo "Deploying first release with database initialization..." @@ -658,7 +675,7 @@ rollout 100%: --set image.secrets[0].name="$secret_name" \ --set application.track="$track" \ --set application.database_url="$DATABASE_URL" \ - --set application.secretName="$application_secret_name" \ + --set application.secretName="$APPLICATION_SECRET_NAME" \ --set service.url="$CI_ENVIRONMENT_URL" \ --set replicaCount="$replicas" \ --set postgresql.enabled="$postgres_enabled" \ @@ -691,7 +708,7 @@ rollout 100%: --set image.secrets[0].name="$secret_name" \ --set application.track="$track" \ --set application.database_url="$DATABASE_URL" \ - --set application.secretName="$application_secret_name" \ + --set application.secretName="$APPLICATION_SECRET_NAME" \ --set service.url="$CI_ENVIRONMENT_URL" \ --set replicaCount="$replicas" \ --set postgresql.enabled="$postgres_enabled" \ |