#!/bin/bash
# This script will deploy the GCP Compute Persistent Disk CSI Driver to the
# currently available Kubernetes cluster
# Note: setup-cluster.yaml depends on the existence of cluster-roles
# system:csi-external-attacher and system:csi-external-provisioner
# which are in Kubernetes version 1.10.5+
# Args (read from the environment):
# GCE_PD_SA_DIR: Directory the service account key has been saved in (generated by setup-project.sh)
# GCE_PD_DRIVER_VERSION: The kustomize overlay (located in
# deploy/kubernetes/overlays) to deploy. Can be one of {stable, dev}; defaults to stable
# GCE_PD_DRIVER_NAMESPACE: Namespace the cloud-sa secret is created in; defaults to "default"
# Shell options: -e aborts on the first failing command, -u aborts on any
# unset variable, -x traces every command after expansion.
# NOTE(review): the trace prints expanded arguments; the service account key is
# only ever referenced by file path in this script, so keep it that way.
set -eux

# Deployment settings, each overridable from the environment.
NAMESPACE="${GCE_PD_DRIVER_NAMESPACE:-default}"
DEPLOY_VERSION="${GCE_PD_DRIVER_VERSION:-stable}"
# GOPATH has no default: with -u an unset GOPATH stops the script here.
PKGDIR="${GOPATH}/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver"
readonly NAMESPACE DEPLOY_VERSION PKGDIR

# common.sh is executed in this shell, so GOPATH must point at a trusted
# checkout of the driver repository.
. "${PKGDIR}/deploy/common.sh"
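#######################################
# Print the command-line usage of deploy-driver.sh.
# Arguments: none
# Outputs:   usage text on stdout
#######################################
print_usage() {
  # printf is used because bash's builtin echo does not interpret "\n" and
  # "\t" by default, so the original text printed those escapes literally.
  printf 'deploy-driver.sh [--skip-sa-check]\n\n'
  printf '\t--skip-sa-check: %s\n' \
    "don't check the service account for required roles"
  printf '\n'
}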
# Set to "true" by --skip-sa-check; empty means the role check will run.
skip_sa_check=

# Consume positional arguments one at a time. "${1-}" keeps nounset from
# tripping when no arguments are left; an empty argument also ends the loop.
while [ -n "${1-}" ]; do
  case "$1" in
    --skip-sa-check)
      skip_sa_check=true
      shift
      ;;
    *)
      # -h, --help and any unrecognised argument all print usage and exit 1.
      print_usage
      exit 1
      ;;
  esac
done

# ensure_var is not defined in this file (presumably it comes from the sourced
# common.sh); it is asked to validate GCE_PD_SA_DIR, the directory holding the
# service account key.
ensure_var GCE_PD_SA_DIR
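#######################################
# Verify that the service account whose key is stored in
# ${GCE_PD_SA_DIR}/cloud-sa.json holds every IAM role listed by
# get_needed_roles, and stop the deployment if any is missing.
# Globals:
#   GCE_PD_SA_DIR (read)
#   IAM_NAME, PROJECT, GOTTEN_BIND_ROLES, BIND_ROLES (set, then made readonly)
#   MISSING_ROLES (written)
# Arguments: none
# Outputs:   "Missing role: <role>" on stdout for each absent role;
#            diagnostics for unreadable input on stderr
# Returns:   0 when every role is bound; otherwise exits the script with 1
#######################################
check_service_account() {
  local key_file="${GCE_PD_SA_DIR}/cloud-sa.json"
  local role

  # Pull client_email out of the key file with grep rather than a JSON parser.
  # Assignment is kept separate from `readonly` so a failed extraction is not
  # masked, and the empty result is rejected explicitly below.
  IAM_NAME=$(grep -Po '"client_email": *\K"[^"]*"' -- "${key_file}" | tr -d '"') || true
  readonly IAM_NAME
  if [ -z "${IAM_NAME}" ]; then
    echo "Could not read client_email from ${key_file}" >&2
    exit 1
  fi

  # The project is taken as the text between "@" and the first "." of the
  # e-mail address.
  # NOTE(review): assumes the NAME@PROJECT.iam.gserviceaccount.com layout.
  PROJECT=$(grep -Po '.*@\K[^.]+' <<<"${IAM_NAME}") || true
  readonly PROJECT
  if [ -z "${PROJECT}" ]; then
    echo "Could not derive the project from service account ${IAM_NAME}" >&2
    exit 1
  fi

  # A failed policy lookup must not be reported as "all roles missing".
  if ! GOTTEN_BIND_ROLES=$(gcloud projects get-iam-policy "${PROJECT}" \
    --flatten="bindings[].members" \
    --format='table(bindings.role)' \
    --filter="bindings.members:${IAM_NAME}"); then
    echo "Could not read the IAM policy of project ${PROJECT}" >&2
    exit 1
  fi
  readonly GOTTEN_BIND_ROLES

  BIND_ROLES=$(get_needed_roles)
  readonly BIND_ROLES

  MISSING_ROLES=false
  # Intentionally unquoted: BIND_ROLES is a whitespace-separated list.
  for role in ${BIND_ROLES}; do
    # -F matches the role name literally; as a regex, the "." in a role name
    # would match any character and could hide a missing role. "--" protects
    # against a value starting with "-".
    # NOTE(review): this is still a substring match against the table output.
    if ! grep -qF -- "${role}" <<<"${GOTTEN_BIND_ROLES}"; then
      echo "Missing role: $role"
      MISSING_ROLES=true
    fi
  done

  if [ "${MISSING_ROLES}" = true ]; then
    echo "Cannot deploy with missing roles in service account, please run setup-project.sh to setup Service Account"
    exit 1
  fi
}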
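# ensure_kustomize, KUBECTL, KUSTOMIZE_PATH and VERBOSITY are not defined in
# this file; presumably they come from the sourced common.sh. KUBECTL and
# KUSTOMIZE_PATH are left unquoted in case they carry extra arguments.
ensure_kustomize

if [ "${skip_sa_check}" != true ]; then
  check_service_account
fi

# Create the cloud-sa secret from the service account key unless it exists.
# The key is handed over by file path, so it does not show up in the shell
# trace. NOTE(review): at high kubectl verbosity (-v=8 and above) request
# bodies are logged, which would include the secret data; keep VERBOSITY low
# when logs are retained or shared.
if ! ${KUBECTL} get secret cloud-sa -v="${VERBOSITY}" -n "${NAMESPACE}"; then
  ${KUBECTL} create secret generic cloud-sa -v="${VERBOSITY}" \
    --from-file="${GCE_PD_SA_DIR}/cloud-sa.json" -n "${NAMESPACE}"
fi

# GKE Required Setup
# Binds the cluster-admin role to the active gcloud account. The existence
# check is by binding name only, so an existing cluster-admin-binding for a
# different subject also satisfies it.
if ! ${KUBECTL} get clusterrolebinding -v="${VERBOSITY}" cluster-admin-binding; then
  gcloud_account=$(gcloud config get-value account)
  # Refuse to run `--user` with an empty value instead of letting kubectl
  # misparse the command line.
  if [ -z "${gcloud_account}" ]; then
    echo "gcloud has no active account; cannot create cluster-admin-binding" >&2
    exit 1
  fi
  ${KUBECTL} create clusterrolebinding cluster-admin-binding -v="${VERBOSITY}" \
    --clusterrole cluster-admin --user "${gcloud_account}"
fi

# Debug log: print ${KUBECTL} version
${KUBECTL} version

# The rendered manifests are applied with cluster-admin rights, so they are
# written to a private, unpredictable file from mktemp: a fixed name in /tmp
# can be pre-created or replaced by another local user before it is applied.
tmp_spec=$(mktemp "${TMPDIR:-/tmp}/gcp-compute-persistent-disk-csi-driver-specs-generated.XXXXXX")
readonly tmp_spec

# Render first and check the result on its own: in a `build | tee` pipeline
# the exit status is tee's, so a failed build would still reach `apply`.
if ! ${KUSTOMIZE_PATH} build "${PKGDIR}/deploy/kubernetes/overlays/${DEPLOY_VERSION}" > "${tmp_spec}"; then
  echo "kustomize build failed for overlay ${DEPLOY_VERSION}" >&2
  rm -f -- "${tmp_spec}"
  exit 1
fi
# Keep the generated spec in the log, as the tee did.
cat -- "${tmp_spec}"

${KUBECTL} apply -v="${VERBOSITY}" -f "${tmp_spec}"
# Reached only after a successful apply; on failure the file is left in place
# (readable by its owner only) for inspection.
rm -f -- "${tmp_spec}"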