Fixed various issues with the makefile #102
Conversation
Kube context wasn't provided to kubectl commands. Secret deletion didn't complete if sendgrid was disabled. Role attachments are now deleted properly in secret teardown. Cleaned up some of the make commands. Changed kubectl context alias to be the cluster name rather than the ARN. Made pre-k8s step idempotent. (closes #96 #97)
| @@ -1,62 +1,68 @@ | |||
| SHELL := /usr/bin/env bash | |||
| SHELL = /usr/bin/env bash | |||
There was a problem hiding this comment.
This made me look up info on the various assignments: https://stackoverflow.com/a/448939
Good to know!
| PROJECT = <% .Name %> | ||
| export AWS_DEFAULT_REGION = <% index .Params `region` %> | ||
| export AWS_PAGER = | ||
| KUBE_CONTEXT := $(PROJECT)-$(ENVIRONMENT)-$(AWS_DEFAULT_REGION) |
There was a problem hiding this comment.
Hmm. This one made me look up more info: https://stackoverflow.com/a/2839065
Also good to know. :-)
There was a problem hiding this comment.
Yeah, make syntax is so much less familiar than shell syntax which is part of the reason I'm leaning toward moving this stuff to shell scripts now that it has gotten more complex.
There was a problem hiding this comment.
That's a good reason. My bash-fu is definitely stronger than my make-fu.
|
|
||
| apply-remote-state: | ||
| aws s3 ls $(PROJECT)-$(ENVIRONMENT)-terraform-state || (\ | ||
| aws s3 ls $(PROJECT)-$(ENVIRONMENT)-terraform-state > /dev/null 2>&1 || ( \ |
| kubectl run --context $(KUBE_CONTEXT) -i --tty zero-k8s-utilities --image=commitdev/zero-k8s-utilities:0.0.3 --restart=Never -- wg genkey | \ | ||
| xargs aws secretsmanager create-secret --region $(AWS_DEFAULT_REGION) --name $(PROJECT)-$(ENVIRONMENT)-vpn-wg-privatekey-<% index .Params `randomSeed` %> --description "Auto-generated Wireguard VPN private key" --secret-string && \ | ||
| kubectl delete --context $(KUBE_CONTEXT) pod/zero-k8s-utilities && \ | ||
| echo "Done VPN private key creation" ) |
There was a problem hiding this comment.
I'm not looking at this one too closely; I'll leave that for @sshi100
|
|
||
| update-k8s-conf: | ||
| aws eks --region <% index .Params `region` %> update-kubeconfig --role "arn:aws:iam::<% index .Params `accountId` %>:role/$(PROJECT)-kubernetes-admin-$(ENVIRONMENT)" --name $(PROJECT)-$(ENVIRONMENT)-<% index .Params `region` %> | ||
| aws eks --region $(AWS_DEFAULT_REGION) update-kubeconfig --role "arn:aws:iam::<% index .Params `accountId` %>:role/$(PROJECT)-kubernetes-admin-$(ENVIRONMENT)" --name $(KUBE_CONTEXT) --alias $(KUBE_CONTEXT) |
| aws s3 rm s3://$(PROJECT)-$(ENVIRONMENT)-terraform-state --recursive && \ | ||
| aws s3 rb s3://$(PROJECT)-$(ENVIRONMENT)-terraform-state --force && \ | ||
| aws dynamodb delete-table --region <% index .Params `region` %> --table-name $(PROJECT)-$(ENVIRONMENT)-terraform-state-locks | ||
| @echo "Deleting remote state is not reversible, are you sure you want to delete the resources? [y/N]:" ; read ans ; [ $${ans:-N} == "y" ] || exit 1 |
There was a problem hiding this comment.
What's the difference between ; and && here?
Both work the same for me locally with happy path, so I approve; but I don't understand.
There was a problem hiding this comment.
; will run the next command regardless of the exit code of the previous one. In this case echo and read are pretty much guaranteed to succeed so && will do the same thing, but ; makes it more clear that we don't care about the return codes, whereas we do care about the result of the comparison at the end.
There was a problem hiding this comment.
Thanks! Great to know. :-)
Kube context wasn't provided to kubectl commands. Secret deletion didn't complete if sendgrid was disabled. Role attachments are now deleted properly in secret teardown. Cleaned up some of the make commands. Changed kubectl context alias to be the cluster name rather than the ARN. Made pre-k8s step idempotent. (closes #96 #97)
Kube context wasn't provided to kubectl commands.
Secret deletion didn't complete if sendgrid was disabled.
Role attachments are now deleted properly in secret teardown.
Cleaned up some of the make commands.
Changed kubectl context alias to be the cluster name rather than the ARN.
Made pre-k8s step idempotent.
(closes #96)
(closes #97)