feat: dump kubeconfig on entrypoint (#31)

oliverbaehler · web-flow · commit 929b68860210 · 2023-05-05T15:44:42.000+02:00
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -15,11 +15,9 @@ builds:
     goarch:
       - amd64
       - arm64
-      - arm
     goos:
       - linux
       - darwin
-      - windows
     flags:
       - -trimpath
     mod_timestamp: '{{ .CommitTimestamp }}'
@@ -28,13 +26,6 @@ builds:
         -X github.com/buttahtoast/subst/subst/cmd.Version={{ .Tag }}
         -X github.com/buttahtoast/subst/subst/cmd.GitCommit={{ .Commit }}
         -X github.com/buttahtoast/subst/subst/cmd.BuildDate={{ .Date }}
-archives:
-  - format_overrides:
-      - goos: windows
-        format: zip
-    files:
-      - LICENSE
-      - README.md
 release:
   footer: |
     **Full Changelog**: https://github.com/buttahtoast/{{ .ProjectName }}/compare/{{ .PreviousTag }}...{{ .Tag }}
@@ -51,7 +42,9 @@ checksum:
 snapshot:
   name_template: "{{ .Tag }}-next"
 dockers:
-  - image_templates: [ "ghcr.io/buttahtoast/{{ .ProjectName }}:{{ .Tag }}" ]
+  - image_templates: 
+      - "ghcr.io/buttahtoast/{{ .ProjectName }}:{{ .Tag }}"
+      - "ghcr.io/buttahtoast/{{ .ProjectName }}:latest"
     dockerfile: Dockerfile
     goos: linux
     goarch: amd64
@@ -93,8 +86,10 @@ dockers:
   #    - "--label=io.artifacthub.package.readme-url=https://raw.githubusercontent.com/buttahtoast/subst/main/README.md"
   #    - "--label=io.artifacthub.package.logo-url=https://github.com/buttahtoast/subst/raw/main/img/subst.png"
   #    - "--label=io.artifacthub.package.license=Apache-2.0"
-  - image_templates: [ "ghcr.io/buttahtoast/{{ .ProjectName }}-cmp:{{ .Tag }}" ]
-    dockerfile: Dockerfile.argo-cmp
+  - image_templates: 
+    - "ghcr.io/buttahtoast/{{ .ProjectName }}-cmp:{{ .Tag }}"
+    - "ghcr.io/buttahtoast/{{ .ProjectName }}-cmp:latest"
+    dockerfile: argocd-cmp/Dockerfile
     goos: linux
     goarch: amd64
     use: buildx
@@ -116,6 +111,7 @@ dockers:
       - "--label=io.artifacthub.package.license=Apache-2.0"
     extra_files:
     - argocd-cmp/cmp.yaml
+    - argocd-cmp/entrypoint.sh
   #- image_templates: [ "ghcr.io/buttahtoast/{{ .ProjectName }}-cmp:{{ .Tag }}" ]
   #  dockerfile: Dockerfile.argo-cmp
   #  goos: linux
@@ -184,13 +180,13 @@ docker_signs:
   - 'sign'
   - '${artifact}@${digest}'
   - --yes
-brews:
-  - tap:
-      owner: buttahtoast
-      name: subst
-      branch: main
-    license: Apache-2.0
-    homepage: "github.com/buttahtoast/subst"
-    description: "subst - Substitution based on Kustomize"
-    post_install: |
-      puts '🌈 subst installed 🌈'
+#brews:
+#  - tap:
+#      owner: buttahtoast
+#      name: subst
+#      branch: main
+#    license: Apache-2.0
+#    homepage: "github.com/buttahtoast/subst"
+#    description: "subst - Substitution based on Kustomize"
+#    post_install: |
+#      puts '🌈 subst installed 🌈'
diff --git a/argocd-cmp/Dockerfile b/argocd-cmp/Dockerfile
@@ -0,0 +1,11 @@
+
+FROM bash:5
+ENV KUBECONFIG=/etc/kubernetes/kubeconfig
+COPY subst /subst
+COPY argocd-cmp/cmp.yaml /home/argocd/cmp-server/config/plugin.yaml
+COPY argocd-cmp/entrypoint.sh /entrypoint.sh
+RUN adduser -H -D -s /bin/bash -G nobody -u 999 argocd && \
+    chmod +x /entrypoint.sh
+USER argocd:nobody
+ENTRYPOINT ["/entrypoint.sh"]
+
diff --git a/argocd-cmp/cmp.yaml b/argocd-cmp/cmp.yaml
@@ -14,4 +14,4 @@ spec:
     - bash
     - -c
     - |
-        /subst render  . --secret-name ${ARGOCD_APP_NAME} --secret-namespace argocd --env-regex "^ARGOCD_ENV_.*$" --must-decrypt --kubeconfig /etc/kubernetes/admin.conf
+        /subst render "." --secret-name "${ARGOCD_APP_NAME}" --secret-namespace  "argocd" --env-regex "^ARGOCD_ENV_.*$" --must-decrypt --kubeconfig "/etc/kubernetes/kubeconfig"
diff --git a/argocd-cmp/entrypoint.sh b/argocd-cmp/entrypoint.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# Create Kubeconfig, if possible (CMP does not have access to the CLuster Kubernetes environment Variables, therefore we need to pass them in)
+if [ -f "/etc/kubernetes/kubeconfig" ]; then
+  echo "🦄 /etc/kubernetes/kubeconfig already present"
+else 
+  # Create Kubeconfig, if possible (CMP does not have access to the CLuster Kubernetes environment Variables, therefore we need to pass them in)
+  TOKEN=""
+  if [ -f "/var/run/secrets/kubernetes.io/serviceaccount/token" ]; then
+    TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+  fi
+  CA=""
+  if [ -f "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" ]; then
+    CA=$(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | base64 -w0)
+  fi
+  if [ -z "$TOKEN" ] || [ -z "$CA" ]; then
+    echo "💥 Unable to create Kubeconfig"
+  else 
+cat <<EOF > "/etc/kubernetes/kubeconfig"
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: ${CA}
+    server: https://kubernetes.default.svc
+  name: default-cluster
+contexts:
+- context:
+    cluster: default-cluster
+    namespace: default
+    user: default-auth
+  name: default-context
+current-context: default-context
+kind: Config
+preferences: {}
+users:
+- name: default-auth
+  user:
+    token: ${TOKEN}
+EOF
+    echo "🦄 Kubeconfig Created"
+  fi
+fi
+
+exec "$@"
