Merge pull request #104 from florentinvintila/open-shift-tornjak-script

Modified OpenShift installation scripts
IBM · Aug 31, 2021 · 8f93b7d · 8f93b7d
2 parents 4362af7 + 673bfd5
commit 8f93b7d
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 38 deletions.
diff --git a/utils/install-open-shift-spire.sh b/utils/install-open-shift-spire.sh
@@ -23,9 +23,25 @@ Where:
   -r <REGION>       - region, geo-location (required)
   -t <TRUST_DOMAIN> - the trust root of SPIFFE identity provider, default: spiretest.com (optional)
   -p <PROJECT_NAME> - OpenShift project [namespace] to install the Server, default: spire-server (optional)
+  --clean - performs removal of project (allows additional parameters i.e. -p|--project).
 HELPMEHELPME
 }
 
+cleanup() {
+  oc project $PROJECT
+  helm uninstall spire -n $PROJECT 2>/dev/null
+
+  # in case the helm information is not available
+  oc delete ClusterRole "$PROJECT-agent-spire-cluster-role" "$PROJECT-k8s-registrar-spire-cluster-role" 2>/dev/null
+  oc delete ClusterRoleBinding "$PROJECT-agent-spire-cluster-role-binding" "$PROJECT-k8s-registrar-spire-cluster-role-binding" 2>/dev/null
+  oc delete deploy spire-registrar
+
+  oc delete scc $SPIREAG_SCC 2>/dev/null
+  oc delete sa $SPIRE_AG_SA 2>/dev/null
+  # oc delete project $PROJECT 2>/dev/null
+}
+
+
 POSITIONAL=()
 while [[ $# -gt 0 ]]
 do
@@ -57,6 +73,10 @@ case $key in
     shift # past argument
     shift # past value
     ;;
+    --clean)
+    cleanup
+    exit 0
+    ;;
     -h|--help)
     helpme
     exit 0
@@ -264,19 +284,5 @@ else
 fi
 }
 
-cleanup() {
-  oc project $PROJECT
-  helm uninstall spire -n $PROJECT 2>/dev/null
-
-  # in case the helm information is not available
-  oc delete ClusterRole "$PROJECT-agent-spire-cluster-role" "$PROJECT-k8s-registrar-spire-cluster-role" 2>/dev/null
-  oc delete ClusterRoleBinding "$PROJECT-agent-spire-cluster-role-binding" "$PROJECT-k8s-registrar-spire-cluster-role-binding" 2>/dev/null
-  oc delete deploy spire-registrar
-
-  oc delete scc $SPIREAG_SCC 2>/dev/null
-  oc delete sa $SPIRE_AG_SA 2>/dev/null
-  # oc delete project $PROJECT 2>/dev/null
-}
-
 checkPrereqs
 installSpireAgent
diff --git a/utils/install-open-shift-tornjak.sh b/utils/install-open-shift-tornjak.sh
@@ -25,9 +25,28 @@ Where:
   -t <TRUST_DOMAIN> - the trust root of SPIFFE identity provider, default: spiretest.com (optional)
   -p <PROJECT_NAME> - OpenShift project [namespace] to install the Server, default: spire-server (optional)
   --oidc - execute OIDC installation (optional)
+  --clean - performs removal of project (allows additional parameters i.e. -p|--project).
 HELPMEHELPME
 }
 
+cleanup() {
+  oc project "$PROJECT"
+  helm uninstall tornjak -n "$PROJECT" 2>/dev/null
+
+  oc delete ClusterRole spire-server-role 2>/dev/null
+  oc delete ClusterRoleBinding spire-server-binding 2>/dev/null
+
+  oc delete scc "$SPIRE_SCC" 2>/dev/null
+  oc delete sa "$SPIRE_SA" 2>/dev/null
+  oc delete route spire-server 2>/dev/null
+  oc delete route tornjak-http 2>/dev/null
+  oc delete route tornjak-mtls 2>/dev/null
+  oc delete route tornjak-tls 2>/dev/null
+  oc delete ingress spireingress 2>/dev/null
+  #oc delete group $GROUPNAME --ignore-not-found=true
+  #oc delete project "$PROJECT" 2>/dev/null
+}
+
 POSITIONAL=()
 while [[ $# -gt 0 ]]
 do
@@ -53,6 +72,10 @@ case $key in
     OIDC=true
     shift # past argument
     ;;
+    --clean)
+    cleanup
+    exit 0
+    ;;
     -h|--help)
     helpme
     exit 0
@@ -109,6 +132,16 @@ installSpireServer(){
 
   fi
 
+# get ingress information:
+INGSEC=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressSecretName')
+if [ -z "${INGSEC}" ]; then
+  echo "Ingress security name was not retrieved, please check admin rights for your account."
+  exit 1
+fi
+# TODO: check if needed
+# INGSTATUS=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressStatus')
+ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressMessage'
+
 # create serviceAccount and setup permissions
 oc_cli create sa $SPIRE_SA
 oc_cli policy add-role-to-user cluster-admin "system:serviceaccount:$PROJECT:$SPIRE_SA"
@@ -136,12 +169,6 @@ groups:
 EOF
 #oc_cli describe scc $SPIRE_SCC
 
-# get ingress information:
-ING=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressHostname')
-INGSEC=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressSecretName')
-INGSTATUS=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressStatus')
-ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressMessage'
-
 # TODO we disabled the create Keys here. Instead we will use the default keys
 # included in the helm charts. This process can be done manually, when needed.
 #
@@ -167,6 +194,7 @@ if ! $OIDC ; then
   --set "openShift=true" \
   tornjak charts/tornjak # --debug
 else
+  ING=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressHostname')
   helm install --set "namespace=$PROJECT" \
   --set "clustername=$CLUSTERNAME" \
   --set "trustdomain=$TRUSTDOMAIN" \
@@ -323,23 +351,5 @@ else
 fi
 }
 
-cleanup() {
-  oc project "$PROJECT"
-  helm uninstall tornjak -n "$PROJECT" 2>/dev/null
-
-  oc delete ClusterRole spire-server-role 2>/dev/null
-  oc delete ClusterRoleBinding spire-server-binding 2>/dev/null
-
-  oc delete scc "$SPIRE_SCC" 2>/dev/null
-  oc delete sa "$SPIRE_SA" 2>/dev/null
-  oc delete route spire-server 2>/dev/null
-  oc delete route tornjak-http 2>/dev/null
-  oc delete route tornjak-mtls 2>/dev/null
-  oc delete route tornjak-tls 2>/dev/null
-  oc delete ingress spireingress 2>/dev/null
-  #oc delete group $GROUPNAME --ignore-not-found=true
-  # oc delete project "$PROJECT" 2>/dev/null
-}
-
 checkPrereqs
 installSpireServer