Commit 900dd22a authored by Sandro Mathys's avatar Sandro Mathys
Browse files

CI: replace hardcoded strings with the appropriate variable

parent 661800aa
......@@ -37,11 +37,11 @@ stages:
# we `2>&1 || true` everything, because this template is used twice in the pipeline and thus it's likely we're trying to delete stuff that already doesn't exist.
# also, if the previous deploy job failed, we might find a mixed bag of existing resources.
- helm uninstall "${HELM_RELEASE}" 2>&1 || true
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" delete secret shibboleth-sp-helm-chart-certs 2>&1 || true
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" delete secret shibboleth-sp-helm-chart-sealer-keys 2>&1 || true
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" delete job shibboleth-sp-helm-chart-create-sealer-keys 2>&1 || true
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" delete rolebinding shibboleth-sp-helm-chart-sealer-keys-nanny 2>&1 || true
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" delete serviceaccount shibboleth-sp-helm-chart-sealer-keys-nanny 2>&1 || true
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" delete secret "${HELM_RELEASE}-certs" 2>&1 || true
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" delete secret "${HELM_RELEASE}-sealer-keys" 2>&1 || true
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" delete job "${HELM_RELEASE}-create-sealer-keys" 2>&1 || true
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" delete rolebinding "${HELM_RELEASE}-sealer-keys-nanny" 2>&1 || true
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" delete serviceaccount "${HELM_RELEASE}-sealer-keys-nanny" 2>&1 || true
prepare:
stage: prepare
......@@ -90,7 +90,7 @@ deploy:
- tags
interruptible: true
script:
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" create secret tls shibboleth-sp-helm-chart-certs --cert="${CI_PROJECT_DIR}/ci/sp-cert.pem" --key="${CI_PROJECT_DIR}/ci/sp-key.pem"
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" create secret tls "${HELM_RELEASE}-certs" --cert="${CI_PROJECT_DIR}/ci/sp-cert.pem" --key="${CI_PROJECT_DIR}/ci/sp-key.pem"
# thanks to --atomic, this command won't just install the chart but also ensure it works
- helm install "${HELM_RELEASE}" "${CI_PROJECT_DIR}" --values="${CI_PROJECT_DIR}/ci/values.yaml" --atomic --debug
# remove from cache
......@@ -107,8 +107,8 @@ verify:
interruptible: true
script:
- helm test "${HELM_RELEASE}"
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" logs "shibboleth-sp-helm-test-curl" -c "root"
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" logs "shibboleth-sp-helm-test-curl" -c "session"
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" logs "${HELM_RELEASE}-test-curl" -c "root"
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" logs "${HELM_RELEASE}-test-curl" -c "session"
# we always want to perform an install (rather than an upgrade) in order to ensure the pre-install hooks work
# thus we're making extra sure to delete everything
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment