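#!/bin/bash
#
# End-to-end check for the iam-role-annotator Helm chart.
#
# Optionally creates a kind cluster, then creates a namespace, installs Helm
# (Tiller) and ./charts/iam-role-annotator into it, creates an nginx Deployment
# carrying the armesto.net/iam-role-annotator annotation, and verifies that the
# resulting pod is annotated with iam.amazonaws.com/role set to the expected
# role ARN.
#
# Environment (all optional, defaults are assigned further down):
#   CREATE_CLUSTER, NAMESPACE, DEPLOYMENT_NAME, AWS_ACCOUNT_ID, K8S_VERSION,
#   TRAVIS_COMMIT (image tag; falls back to "latest")
# Tools used: kubectl, helm, kind, jq, sed
#
# -e aborts on the first failing command, -u turns a typo in a variable name
# into an error instead of an empty string, and pipefail stops a failing
# `kubectl ... | jq` pipeline from being reported as a success of its last stage.
set -euo pipefail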
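#######################################
# EXIT handler: removes the test namespace when the script ran against a
# cluster it did not create itself.
# Globals:   CREATE_CLUSTER (read), NAMESPACE (read)
# Arguments: none
# Outputs:   whatever kubectl prints
#
# NOTE(review): this also runs when `kubectl create namespace` later in the
# script fails. On a shared cluster (CREATE_CLUSTER != true) a namespace that
# already existed under this name would then be deleted even though this
# script did not create it - point NAMESPACE at a name reserved for the test.
#######################################
cleanup() {
  if [[ "${CREATE_CLUSTER}" != true ]]; then
    # Quoted so the name is always passed as exactly one argument.
    kubectl delete namespace "${NAMESPACE}"
  fi
}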
# Register the exit handler first so it fires on every exit path below,
# including an abort caused by `set -e`.
trap cleanup EXIT

# Test settings. Each one keeps a non-empty value inherited from the
# environment and otherwise takes the default shown here.
: "${CREATE_CLUSTER:=true}"            # "true": provision a kind cluster for the run
: "${NAMESPACE:=ns-1}"                 # namespace everything is installed into
: "${DEPLOYMENT_NAME:=nginx-deployment}"
: "${AWS_ACCOUNT_ID:=12345}"           # only used to build the expected role ARN
: "${K8S_VERSION:=v1.13.6}"            # written into kind-config.yaml
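# Optionally provision a kind cluster for this run and point kubectl at it.
if [[ "${CREATE_CLUSTER}" == true ]]; then
  # K8S_VERSION is spliced into a sed program below; restrict it to version
  # characters so a stray "/", "&" or backslash cannot alter the substitution.
  if [[ ! "${K8S_VERSION}" =~ ^[0-9A-Za-z.+-]+$ ]]; then
    echo "ERROR: K8S_VERSION contains unexpected characters: ${K8S_VERSION}" >&2
    exit 1
  fi

  # Rewrites the kubernetesVersion line of kind-config.yaml in place
  # (`-i` without a suffix and `\s` are GNU sed syntax).
  sed -i -E "s/(kubernetesVersion:\s*)(.+)/\1 ${K8S_VERSION}/" kind-config.yaml
  kind create cluster --wait 60s --config kind-config.yaml

  # Assign first, export second: `export VAR="$(cmd)"` returns the status of
  # `export`, so a failing `kind get kubeconfig-path` would slip past `set -e`
  # and leave kubectl talking to whatever cluster the caller had configured.
  KUBECONFIG="$(kind get kubeconfig-path)"
  export KUBECONFIG
fi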
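# Create the namespace the test runs in.
kubectl create namespace "${NAMESPACE}"

# Install Helm; `helm init` deploys Tiller into the test namespace.
# The RoleBinding grants the `admin` ClusterRole, scoped to this namespace, to
# the namespace's default service account.
# NOTE(review): presumably this is what allows Tiller to install the chart,
# since `helm init` is not given a service account of its own - confirm.
# Any pod running as the default service account in this namespace gets the
# same rights (the nginx test Deployment sets no serviceAccountName), so keep
# NAMESPACE a disposable, test-only namespace.
kubectl create rolebinding default-admin \
  --clusterrole=admin \
  --serviceaccount="${NAMESPACE}:default" \
  --namespace="${NAMESPACE}"
helm init --wait --tiller-namespace "${NAMESPACE}"

# Install the controller under test. The image tag follows the commit being
# built on Travis and falls back to "latest" for local runs.
helm upgrade \
  --tiller-namespace "${NAMESPACE}" \
  --namespace "${NAMESPACE}" \
  --wait \
  --install "iam-role-annotator" "./charts/iam-role-annotator" \
  --set image.tag="${TRAVIS_COMMIT:-latest}" \
  --set awsAccountId="${AWS_ACCOUNT_ID}"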
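# Create the Deployment the controller is expected to annotate.
# The here-doc delimiter is unquoted on purpose so ${DEPLOYMENT_NAME} and
# ${NAMESPACE} are expanded by the shell. The indentation inside the manifest
# is YAML structure: without it every key would collapse to the top level and
# the manifest would no longer describe a Deployment.
kubectl create -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ${DEPLOYMENT_NAME}
  namespace: ${NAMESPACE}
  labels:
    app: nginx
  annotations:
    armesto.net/iam-role-annotator: "true"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
      annotations:
        prometheus.io/scheme: http
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
EOF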
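# Give the controller and the Deployment time to settle before inspecting the
# pod. NOTE(review): a fixed delay is a race on a slow runner; the check below
# fails (rather than passes) when no pod is Running yet.
sleep 20

# Test if deployment has annotation.
# Print the pod list and the controller log first so a failing run is
# diagnosable from the CI output alone.
kubectl get pods --namespace "${NAMESPACE}"
kubectl logs --namespace "${NAMESPACE}" deploy/iam-role-annotator iam-role-annotator

POD_NAME=$(kubectl get pods --namespace "${NAMESPACE}" --field-selector=status.phase=Running -l "app=nginx" -o jsonpath="{.items[0].metadata.name}")
if [[ -z "${POD_NAME}" ]]; then
  echo "ERROR: no running pod with label app=nginx found" >&2
  exit 1
fi

# Fetch the pod once and run every check against that snapshot, so both
# assertions and the diagnostic dump describe the same object.
pod_json=$(kubectl get pod --namespace "${NAMESPACE}" "${POD_NAME}" -o json)

role_annotation='iam.amazonaws.com/role'
expected_role="arn:aws:iam::${AWS_ACCOUNT_ID}:role/${DEPLOYMENT_NAME}"

# `// {}` keeps has() from erroring when the pod carries no annotations at all.
if ! jq -e --arg key "${role_annotation}" \
  '(.metadata.annotations // {}) | has($key)' <<<"${pod_json}" >/dev/null; then
  echo "ERROR: the POD does not contain the expected annotation" >&2
  jq '.' <<<"${pod_json}" >&2
  exit 1
fi

actual_role=$(jq -r --arg key "${role_annotation}" \
  '.metadata.annotations[$key]' <<<"${pod_json}")
if [[ "${actual_role}" != "${expected_role}" ]]; then
  echo "ERROR: the annotation contains the wrong value" >&2
  jq '.' <<<"${pod_json}" >&2
  exit 1
fi

echo "SUCCESS!"
exit 0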