config/shell/server/stack: allow subcommand binaries
parent
3155792de7
commit
f4fcab3d17
|
@ -3,14 +3,21 @@ _stackspin_cluster_cache=/var/tmp/stackspin-cluster
|
|||
|
||||
# Stackspin CLI Wrapper
|
||||
# Initialize once with "stack select example.org",
|
||||
# then it loads the last selected one on startup.
|
||||
# then it loads the last selected cluster on startup.
|
||||
# Presumes a mapping like the following in your ssh config:
|
||||
# Host example.org
|
||||
# Hostname [IP]
|
||||
stack() {
|
||||
case "$1" in
|
||||
test $# -lt 1 &&
|
||||
builtin cd "$STACKSPIN" &&
|
||||
echo "Usage: $0 <COMMAND> [args...]" &&
|
||||
echo "Inbuilt commands: select, sso, user, exec, pod, occ" &&
|
||||
return 1
|
||||
local command="$1"
|
||||
shift
|
||||
case "$command" in
|
||||
# stackspin administration
|
||||
(select) shift
|
||||
(select)
|
||||
export _cluster_name="$1"
|
||||
export _cluster_ip="$(ssh -G "$_cluster_name" | grep --max-count 1 "^hostname " | cut -d " " -f2-)"
|
||||
export CLUSTER_DIR="$STACKSPIN/clusters/$_cluster_name"
|
||||
|
@ -21,29 +28,35 @@ stack() {
|
|||
echo "$_cluster_name" >"$_stackspin_cluster_cache"
|
||||
builtin cd "$STACKSPIN"
|
||||
;;
|
||||
(sso) shift
|
||||
builtin cd "$STACKSPIN"
|
||||
(sso) builtin cd "$STACKSPIN"
|
||||
"$0" exec single-sign-on-login -- flask "$@";;
|
||||
(user)
|
||||
if test "$2" = "init"
|
||||
then mail="$3"
|
||||
shift 3
|
||||
if test "$1" = "init"
|
||||
then mail="$2"
|
||||
shift 2
|
||||
stack user create "$mail"
|
||||
stack user update "$mail" name "$*"
|
||||
echo "Initialized user '$*' with email '$mail'"
|
||||
else "$0" exec single-sign-on-login -- flask "$@"
|
||||
else "$0" exec single-sign-on-login -- flask "$command" "$@"
|
||||
fi;;
|
||||
# app clis via kubectl
|
||||
(occ) "$0" exec nc-nextcloud -it -- su www-data -s /bin/bash -c "php $*";;
|
||||
(exec) shift
|
||||
kubectl exec -n $("$0" pod "$1-[0-9]") "${@:2}";;
|
||||
(pod) shift
|
||||
kubectl get pods --all-namespaces --field-selector="status.phase=Running" -o=custom-columns=S:.metadata.namespace,N:.metadata.name --no-headers "${@:2}" | grep --color=never "$1";;
|
||||
(occ) "$0" exec nc-nextcloud -it -- su www-data -s /bin/bash -c "php $command $*";;
|
||||
(exec) kubectl exec -n $("$0" pod "$1-[0-9]") "${@:2}";;
|
||||
(pod)
|
||||
local podname=$1
|
||||
shift
|
||||
kubectl get pods --all-namespaces --field-selector="status.phase=Running" -o=custom-columns=S:.metadata.namespace,N:.metadata.name --no-headers "$@" | grep --color=never "$podname";;
|
||||
# stackspin bare
|
||||
(*) builtin cd "$STACKSPIN"
|
||||
if test $# -gt 1 -a "$1" = install
|
||||
then shift && "./install/install-$1.sh" || ./install/install-app.sh "$@"
|
||||
else python3 -m stackspin "$_cluster_name" "$@"
|
||||
(*) if which "$0-$command" >/dev/null 2>&1
|
||||
then "$0-$command" "$@"
|
||||
return $?
|
||||
fi
|
||||
builtin cd "$STACKSPIN"
|
||||
# Since the install command can also be given bare to install stackspin itself
|
||||
if test $# -gt 0 -a "$command" = install
|
||||
then "./install/install-$1.sh" || ./install/install-app.sh "$@"
|
||||
else python3 -m stackspin "$_cluster_name" "$command" "$@"
|
||||
# pip3 install -r requirements.txt
|
||||
fi;;
|
||||
esac
|
||||
}
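Review bot: In the `(occ)` arm of the second hunk, `"php $command $*"` flattens the arguments into one string that `/bin/bash -c` parses again inside the nc-nextcloud pod. An argument containing a space is therefore split, and one containing `$`, `;` or backticks is interpreted by that shell instead of reaching occ as data. Quoting each argument before joining keeps them intact, for example `-c "php $command $(printf '%q ' "$@")"`, with a guard so that a call without arguments does not hand occ an empty one. This flattening appears to predate the commit (the old line used `"php $*"`), but the rewritten line carries it forward.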
|
||||
|
|
|
@ -0,0 +1,92 @@
|
|||
#!/bin/sh -e
|
||||
test $# -lt 1 &&
|
||||
echo "Usage: $0 <app> [subdomain] [repo] [namespace]" &&
|
||||
exit 1
|
||||
app=$1
|
||||
subdomain=${2:-$app}
|
||||
repo=${3:-$app}
|
||||
namespace=${4:-stackspout}
|
||||
cat <<EOF >$app-oauth-client.yaml
|
||||
apiVersion: hydra.ory.sh/v1alpha1
|
||||
kind: OAuth2Client
|
||||
metadata:
|
||||
name: $app-oauth-client
|
||||
# Has to live in the same namespace as the stackspin-$app-oauth-variables secret
|
||||
namespace: flux-system
|
||||
spec:
|
||||
# TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
|
||||
grantTypes:
|
||||
- authorization_code
|
||||
- refresh_token
|
||||
- client_credentials
|
||||
- implicit
|
||||
responseTypes:
|
||||
- id_token
|
||||
- code
|
||||
scope: "openid profile email stackspin_roles"
|
||||
secretName: stackspin-$app-oauth-variables
|
||||
#redirectUris:
|
||||
# - https://$subdomain.\${domain}/oauth/openid/
|
||||
#tokenEndpointAuthMethod: client_secret_post
|
||||
EOF
|
||||
|
||||
cat <<EOF >$app-release.yaml
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: $app
|
||||
namespace: $namespace
|
||||
spec:
|
||||
releaseName: $app
|
||||
chart:
|
||||
spec:
|
||||
chart: $app
|
||||
version: # TODO
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: $repo
|
||||
namespace: flux-system
|
||||
interval: 5m
|
||||
valuesFrom:
|
||||
- kind: ConfigMap
|
||||
name: stackspin-$app-values
|
||||
optional: false
|
||||
# Allow overriding values by ConfigMap or Secret
|
||||
- kind: ConfigMap
|
||||
name: stackspin-$app-override
|
||||
optional: true
|
||||
- kind: Secret
|
||||
name: stackspin-$app-override
|
||||
optional: true
|
||||
EOF
|
||||
|
||||
cat <<EOF >$app-values-configmap.yaml
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: stackspin-$app-values
|
||||
namespace: $namespace
|
||||
data:
|
||||
values.yaml: |
|
||||
# TODO verify structure matches chart
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- host: "$subdomain.\${domain}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: $app-tls
|
||||
hosts:
|
||||
- "$subdomain.\${domain}"
|
||||
# TODO Adjust OIDC SSO to service
|
||||
# - name: Stackspin
|
||||
# key: "\${client_id}"
|
||||
# secret: "\${client_secret}"
|
||||
# autoDiscoverUrl: 'https://sso.\${domain}/.well-known/openid-configuration'
|
||||
EOF
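Review bot: The generated OAuth2Client grants `implicit` and `client_credentials`, plus the `id_token` response type, to every app scaffolded from this template, and the TODO above them says the list was copied from the wekan setup rather than chosen per app. An app that signs users in through the authorization-code flow most likely needs only `authorization_code` and `refresh_token`, and with `redirectUris` still commented out the broader grants are better left off by default. I would emit just `- authorization_code` and `- refresh_token` under `grantTypes` and `- code` under `responseTypes`, keeping the other entries as commented-out lines beside the TODO for apps that need them.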
|
||||
|