bin/concourse/out in kite-0.2.0 vs bin/concourse/out in kite-1.0.0
- old
+ new
@@ -5,36 +5,32 @@
Dir.chdir ARGV[0]
params = Kite::Helpers::Concourse.params(STDIN.read)
Kite::Helpers::Concourse.fatal '`source` missing' unless params['source']
-key = params['source']['json_key']
-kubeconfig = params['source']['kubeconfig']
+token = params['source']['token'] # kubectl service account token
+endpoint = params['source']['endpoint']
+cert = params['source']['certificate-authority']
command = params['params']['command']
-Kite::Helpers::Concourse.fatal '`kubeconfig` missing' if kubeconfig.to_s.empty?
Kite::Helpers::Concourse.fatal '`command` missing' if command.to_s.empty?
+path_certificate = '/tmp/ca.crt'
path_key = '/tmp/key.json'
path_kubeconfig = '/tmp/kubeconfig'
+cleaner = [/(token)=[^ ]*/, '\1=REDACTED']
-File.write(path_key, key) if key
-File.write(path_kubeconfig, kubeconfig)
+env = {}
-env = {
- 'KUBECONFIG' => path_kubeconfig,
-}
+File.write(path_certificate, cert)
+env['KUBECONFIG'] = path_kubeconfig
-if key
- env['GOOGLE_CREDENTIALS'] = path_key
- unless Kite::Helpers::Concourse.execute("gcloud auth activate-service-account --key-file=#{ path_key }", env)
- ::Kite::Helpers::Concourse.respond(
- version: { status: 'error' },
- metadata: ["Failed to execute command #{ command }"]
- )
- exit 1
- end
-end
+Kite::Helpers::Concourse.execute("kubectl config set-cluster concourse " \
+ "--embed-certs=true --server=#{ endpoint } " \
+ "--certificate-authority=#{ path_certificate }", env)
+Kite::Helpers::Concourse.execute("kubectl config set-credentials concourse --token='#{ token }'", env, cleaner)
+Kite::Helpers::Concourse.execute("kubectl config set-context concourse --cluster=concourse --user=concourse", env)
+Kite::Helpers::Concourse.execute("kubectl config use-context concourse", env)
if Kite::Helpers::Concourse.execute(command, env)
::Kite::Helpers::Concourse.respond(version: { status: 'ok' })
else
::Kite::Helpers::Concourse.respond(