You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
114 lines
5.1 KiB
Bash
114 lines
5.1 KiB
Bash
4 years ago
|
#!/usr/bin/env bash
|
||
|
# vim:ts=4:sts=4:sw=4:et
|
||
|
#
|
||
|
# Author: Hari Sekhon
|
||
|
# Date: 2020-11-03 14:24:44 +0000 (Tue, 03 Nov 2020)
|
||
|
#
|
||
2 years ago
|
# https://github.com/HariSekhon/DevOps-Bash-tools
|
||
4 years ago
|
#
|
||
|
# License: see accompanying Hari Sekhon LICENSE file
|
||
|
#
|
||
|
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
|
||
|
#
|
||
|
# https://www.linkedin.com/in/HariSekhon
|
||
|
#
|
||
|
|
||
|
set -euo pipefail
|
||
|
[ -n "${DEBUG:-}" ] && set -x
|
||
|
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||
|
|
||
1 year ago
|
# shellcheck disable=SC1090,SC1091
|
||
4 years ago
|
. "$srcdir/lib/utils.sh"
|
||
|
|
||
1 year ago
|
# shellcheck disable=SC1090,SC1091
|
||
4 years ago
|
. "$srcdir/lib/kubernetes.sh"
|
||
|
|
||
4 years ago
|
# shellcheck disable=SC2034,SC2154
|
||
|
usage_description="
|
||
4 years ago
|
Runs a kubectl command safely fixed to a GKE cluster by generating an isolated fixed config for the lifetime of this script
|
||
4 years ago
|
|
||
4 years ago
|
Avoids concurrency race conditions with other concurrently executing commands or scripts by avoiding using or changing the global kubectl context
|
||
4 years ago
|
|
||
|
Eg. running:
|
||
|
|
||
4 years ago
|
kubectl config use-context
|
||
|
or
|
||
4 years ago
|
gcloud container clusters get-credentials
|
||
|
|
||
4 years ago
|
either by your hand or in other concurrently executing scripts changes your global kubectl context to run on the given cluster, which could divert your command or concurrently long running scripts in other windows to run kubectl commands on the wrong cluster, leading to cross environment misconfigurations and real world outages (I've seen this personally)
|
||
4 years ago
|
|
||
4 years ago
|
If GKE_CONTEXT is set in the environment and matches a pre-existing context, skips pulling GKE creds for speed and noise reduction.
|
||
4 years ago
|
|
||
3 years ago
|
If GKE_CONTEXT is not set then requires the following to be set in the environment in order to obtain the credentials to the GKE cluster (will try to auto-infer from gcloud config if not set):
|
||
4 years ago
|
|
||
3 years ago
|
CLOUDSDK_CORE_PROJECT - project containing your GKE cluster
|
||
|
CLOUDSDK_COMPUTE_REGION - region containing your GKE cluster
|
||
|
CLOUDSDK_CONTAINER_CLUSTER - name of your GKE cluster
|
||
4 years ago
|
|
||
3 years ago
|
If the CLOUDSDK variables are not set and cannot be inferred from gcloud config, then errors out. If they are set though, they may be pointing to the wrong project or region so it is recommended to set them
|
||
|
|
||
|
For frequent more convenient usage you will want to shorten the CLI by copying this script to a local copy in each cluster's yaml config directory and hardcoding the GKE_CONTEXT (use gke_kube_creds.sh to pre-populate the context and credentials) or CLOUDSDK_CORE_PROJECT, CLOUDSDK_COMPUTE_REGION and CLOUDSDK_CONTAINER_CLUSTER variables if pulling GKE creds.
|
||
4 years ago
|
|
||
|
Could also use main kube config with kubectl switches --cluster / --context (after configuring, see gke_kube_creds.sh), but this is more convenient, especially when hardcoded for the local copy in each cluster's k8s yaml dir
|
||
4 years ago
|
|
||
|
|
||
|
See Also:
|
||
|
|
||
|
gke_kube_creds.sh - auto-populates the credentials for all GKE clusters for your kubectl is ready to rock on GCP
|
||
4 years ago
|
"
|
||
|
|
||
|
# used by usage() in lib/utils.sh
|
||
|
# shellcheck disable=SC2034
|
||
4 years ago
|
usage_args="<kubectl_options>"
|
||
4 years ago
|
|
||
|
help_usage "$@"
|
||
|
|
||
4 years ago
|
min_args 1 "$@"
|
||
|
|
||
4 years ago
|
# ============================================================
|
||
4 years ago
|
# HARDCODE THIS SECTION FOR SHORTER CLI convenience
|
||
|
# REMOVE if hardcoding
|
||
4 years ago
|
|
||
4 years ago
|
#GKE_CONTEXT=gke_<myproject>_<myregion>_<clustername>
|
||
4 years ago
|
|
||
4 years ago
|
if [ -z "${GKE_CONTEXT:-}" ]; then
|
||
4 years ago
|
|
||
4 years ago
|
# fixed to this environment - thou shalt deploy to no other cluster from this script
|
||
4 years ago
|
|
||
4 years ago
|
# HARDCODE THESE for frequent shorter CLI usage
|
||
|
#CLOUDSDK_CORE_PROJECT=myproject
|
||
|
#CLOUDSDK_COMPUTE_REGION=europe-west1
|
||
3 years ago
|
#CLOUDSDK_CONTAINER_CLUSTER="$2" # eg. <myproject>-europe-west1
|
||
4 years ago
|
|
||
|
CLOUDSDK_CORE_PROJECT="${CLOUDSDK_CORE_PROJECT:-$(gcloud config list --format="get(core.project)")}"
|
||
|
CLOUDSDK_COMPUTE_REGION="${CLOUDSDK_COMPUTE_REGION:-$(gcloud config list --format="get(compute.region)")}"
|
||
3 years ago
|
CLOUDSDK_CONTAINER_CLUSTER="${CLOUDSDK_CONTAINER_CLUSTER:-$(gcloud config list --format="get(container.cluster)")}"
|
||
4 years ago
|
check_env_defined CLOUDSDK_CORE_PROJECT
|
||
|
check_env_defined CLOUDSDK_COMPUTE_REGION
|
||
3 years ago
|
check_env_defined CLOUDSDK_CONTAINER_CLUSTER
|
||
4 years ago
|
|
||
|
# if set and available in original kube config, will just copy config and switch to this context (faster and less noisy than re-pulling creds from GKE)
|
||
3 years ago
|
GKE_CONTEXT="gke_${CLOUDSDK_CORE_PROJECT}_${CLOUDSDK_COMPUTE_REGION}_${CLOUDSDK_CONTAINER_CLUSTER}"
|
||
4 years ago
|
fi
|
||
4 years ago
|
# ============================================================
|
||
|
|
||
4 years ago
|
kube_config_isolate
|
||
4 years ago
|
|
||
4 years ago
|
if ! gcloud auth application-default print-access-token >/dev/null; then
|
||
|
gcloud auth application-default login
|
||
|
fi
|
||
|
|
||
4 years ago
|
# if original kube config contains the context, copy and reuse it (faster and less noisy than re-pulling the creds from GKE), especially when called in script iterations
|
||
4 years ago
|
if [ -n "${GKE_CONTEXT:-}" ] &&
|
||
|
kubectl config get-contexts -o name | grep -Fxq "$GKE_CONTEXT"; then
|
||
4 years ago
|
# switch context if not already the current context (avoids repeating "switching context" output noise when this script it called iteratively in loop by other scripts)
|
||
4 years ago
|
if [ "$(kubectl config current-context)" != "$GKE_CONTEXT" ]; then
|
||
4 years ago
|
kubectl config use-context "$GKE_CONTEXT" >&2
|
||
4 years ago
|
fi
|
||
|
else
|
||
3 years ago
|
gcloud container clusters get-credentials "$CLOUDSDK_CONTAINER_CLUSTER" --region "$CLOUDSDK_COMPUTE_REGION" --project "$CLOUDSDK_CORE_PROJECT" >&2
|
||
4 years ago
|
echo >&2
|
||
|
fi
|
||
4 years ago
|
|
||
|
kubectl "$@"
|