apps-gitops/automation/cloudflared-sync.sh


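#!/bin/bash
# Sync hostnames declared in the sandbox repository (cname.yaml files) into the
# cloudflared ingress values of the infra repository and into Cloudflare DNS.
#
# Required environment:
#   GIT_TOKEN             - token used to clone and push the infra repository
#   CLOUDFLARE_API_TOKEN  - checked later, before the DNS step
#   CLOUDFLARE_ZONE_ID    - checked later, before the DNS step
#
# Strict mode: with plain `set -e`, a failing yq/jq stage inside a pipeline is
# masked by the last stage, so later steps could publish a partially built
# values file. `pipefail` turns that into a hard stop, and `-u` catches unset
# variables.
set -euo pipefail

# Fail before doing any work if the push credential is missing; an empty token
# would otherwise only surface as an authentication error at clone/push time.
: "${GIT_TOKEN:?GIT_TOKEN not set}"

apk add --no-cache git bash curl yq jq

echo "🔍 Scanning for apps with cname.yaml..."

# Scratch directories, relative to the directory the job starts in.
# .tmp-repos is wiped first so a stale clone from a previous run is never reused.
mkdir -p generated-values
rm -rf .tmp-repos
mkdir -p .tmp-repos

SANDBOX_REPO_URL="https://git.dvirlabs.com/dvirlabs/sandbox.git"
# NOTE(review): the token is embedded in the clone URL. git stores that URL in
# "$INFRA_CLONE/.git/config", it is part of the git process arguments, and git
# may echo the URL in error output that ends up in CI logs. Prefer a credential
# helper or a masked CI secret, and never run this script with `set -x`.
INFRA_REPO_URL="https://${GIT_TOKEN}@git.dvirlabs.com/dvirlabs/infra.git"
SANDBOX_CLONE=".tmp-repos/sandbox"
INFRA_CLONE=".tmp-repos/infra"
GENERATED_FILE="generated-values/cloudflared-values.yaml"
# ORIGINAL_FILE and MERGED_FILE are the same path: the merged result overwrites
# the values file inside the infra clone.
ORIGINAL_FILE="$INFRA_CLONE/manifests/cloudflared/values.yaml"
MERGED_FILE="$INFRA_CLONE/manifests/cloudflared/values.yaml"

echo "📦 Cloning sandbox-apps..."
git clone --depth=1 "$SANDBOX_REPO_URL" "$SANDBOX_CLONE"

echo "📦 Cloning infra..."
git clone --depth=1 "$INFRA_REPO_URL" "$INFRA_CLONE"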
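echo "⚙️ Generating sandbox ingress list..."
cat <<EOF > "$GENERATED_FILE"
ingress: []
EOF

# Everything read below (directory names and cname.yaml contents) comes from
# the sandbox repository and ends up in the infra ingress config and in public
# DNS, so it is treated as untrusted input: values are validated as DNS names
# and handed to yq through the environment, never spliced into the expression.
# NOTE(review): any sandbox app can still claim any syntactically valid
# hostname; consider an allow-list or a per-namespace naming rule.
dns_label_re='^[a-z0-9]([a-z0-9-]*[a-z0-9])?$'
dns_name_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'

# -type f skips symlinks named cname.yaml, so a link in the sandbox repo cannot
# make yq read a file outside the clone.
find "$SANDBOX_CLONE/manifests" -type f -name cname.yaml | while IFS= read -r cname_file; do
  # Layout assumed by the path handling: .../<namespace>/<app>/cname.yaml
  app_dir=$(dirname "$cname_file")
  app_name=$(basename "$app_dir")
  namespace=$(basename "$(dirname "$app_dir")")

  enabled=$(yq '.enabled' "$cname_file")
  if [[ "$enabled" != "true" ]]; then
    continue
  fi

  hostname=$(yq '.hostname' "$cname_file")
  if [[ ! "$hostname" =~ $dns_name_re || ! "$app_name" =~ $dns_label_re || ! "$namespace" =~ $dns_label_re ]]; then
    # %q keeps control characters in an untrusted path out of the CI log.
    printf 'Skipping %q: hostname, app or namespace is not a valid DNS name\n' "$cname_file" >&2
    continue
  fi

  service="http://${app_name}.${namespace}.svc.cluster.local:80"
  echo "✅ Found $hostname$service"

  # strenv() reads each value as a plain string, so quotes or yq operators in
  # the input cannot change what the expression does.
  ENTRY_HOSTNAME="$hostname" ENTRY_SERVICE="$service" ENTRY_NAMESPACE="$namespace" \
    yq eval -i '.ingress += [{"hostname": strenv(ENTRY_HOSTNAME), "service": strenv(ENTRY_SERVICE), "namespace": strenv(ENTRY_NAMESPACE)}]' "$GENERATED_FILE"
done

echo "📄 Generated Ingress:"
cat "$GENERATED_FILE"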
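echo "🔁 Merging new entries into: $ORIGINAL_FILE"
# Work on a private copy; the infra file is only overwritten once the merged
# result has been produced.
TEMP_FILE=$(mktemp)
cp "$ORIGINAL_FILE" "$TEMP_FILE"

# Snapshot of the ingress rules already present, used for the duplicate check.
# mktemp replaces the fixed /tmp/existing.json, which another process on the
# same host could pre-create or swap; `// []` keeps the check working when the
# file has no ingress list yet.
existing_json=$(mktemp)
yq eval -o=json '.cloudflare.ingress // []' "$TEMP_FILE" > "$existing_json"

yq eval -o=json '.ingress' "$GENERATED_FILE" | jq -c '.[]' | while IFS= read -r new_entry; do
  hostname=$(jq -r '.hostname' <<<"$new_entry")
  service=$(jq -r '.service' <<<"$new_entry")
  namespace=$(jq -r '.namespace' <<<"$new_entry")

  # Count matches instead of testing for empty output so that a jq failure
  # stops the run rather than being read as "hostname not present".
  exists=$(jq --arg hostname "$hostname" '[.[] | select(.hostname == $hostname)] | length' "$existing_json")
  if (( exists == 0 )); then
    echo " Adding $hostname$service"
    # Values go through the environment (strenv) so their content can never be
    # parsed as part of the yq expression.
    ENTRY_HOSTNAME="$hostname" ENTRY_SERVICE="$service" ENTRY_NAMESPACE="$namespace" \
      yq eval -i '.cloudflare.ingress += [{"hostname": strenv(ENTRY_HOSTNAME), "service": strenv(ENTRY_SERVICE), "namespace": strenv(ENTRY_NAMESPACE)}]' "$TEMP_FILE"
  else
    echo "⚠️ $hostname already exists, skipping"
  fi
done
# NOTE(review): the snapshot is taken once, so two generated entries with the
# same hostname are both added; only hostnames already in the infra file are
# skipped.
rm -f -- "$existing_json"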
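# === 🧹 Group and sort with comments ===
echo "🧼 Grouping ingress entries by namespace..."
GROUPED=$(mktemp)

# Copy everything except the ingress list, then re-emit the list by hand so a
# comment header can be written per namespace. The appended lines assume yq's
# default two-space indentation and that `cloudflare:` is the last top-level
# key of the file; the count check further down fails the run if that does not
# hold.
yq eval 'del(.cloudflare.ingress)' "$TEMP_FILE" > "$GROUPED"
echo "  ingress:" >> "$GROUPED"

# The list is already a JSON array, so it is grouped directly (slurping it
# with -s would wrap it in a second array), and -c keeps each group on one
# line for `read`.
# NOTE(review): the namespace key is not written back, so entries that were
# already in the file group under "null", and jq sorts that group first. If the
# file carries a hostname-less catch-all rule, confirm it still ends up last.
yq eval -o=json '.cloudflare.ingress // []' "$TEMP_FILE" \
  | jq -c 'group_by(.namespace)[]' \
  | while IFS= read -r group; do
    # Only a conservative character set reaches the comment line, so a crafted
    # namespace value cannot break out of the comment.
    namespace=$(jq -r '.[0].namespace | tostring | gsub("[^A-Za-z0-9._-]"; "_")' <<<"$group")
    echo "    # ############ $namespace ############" >> "$GROUPED"
    # tojson emits each value as a double-quoted scalar, which YAML accepts,
    # so characters such as '*', ':' or a newline stay inside the value.
    jq -r '.[] | "    - hostname: \(.hostname | tojson)\n      service: \(.service | tojson)"' \
      <<<"$group" >> "$GROUPED"
  done

# Refuse to overwrite the infra values unless the regenerated file parses and
# carries exactly as many ingress rules as the merged input.
expected_count=$(yq eval '.cloudflare.ingress | length' "$TEMP_FILE")
actual_count=$(yq eval '.cloudflare.ingress | length' "$GROUPED")
if [[ "$expected_count" != "$actual_count" ]]; then
  echo "ERROR: grouped file has $actual_count ingress rules, expected $expected_count; not updating $MERGED_FILE" >&2
  exit 1
fi

# Copy to merged location
cp "$GROUPED" "$MERGED_FILE"
echo "✅ Final merged values.yaml:"
cat "$MERGED_FILE"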
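# === Commit if changed ===
# git -C is used instead of `cd` so the working directory stays where the
# script started: GENERATED_FILE is a relative path and the DNS step that
# follows still has to read it.
values_path="manifests/cloudflared/values.yaml"
git -C "$INFRA_CLONE" config user.name "woodpecker-bot"
git -C "$INFRA_CLONE" config user.email "ci@dvirlabs.com"
git -C "$INFRA_CLONE" remote set-url origin "https://${GIT_TOKEN}@git.dvirlabs.com/dvirlabs/infra.git"

push_status=0
if ! git -C "$INFRA_CLONE" diff --quiet -- "$values_path"; then
  git -C "$INFRA_CLONE" add -- "$values_path"
  git -C "$INFRA_CLONE" commit -m "chore(cloudflared): grouped ingress by namespace"
  # Capture the status so the credential is removed below even when the push
  # is rejected.
  git -C "$INFRA_CLONE" push origin HEAD || push_status=$?
  if (( push_status == 0 )); then
    echo "✅ Changes pushed successfully."
  fi
else
  echo " No changes to commit."
fi

# Drop the token from the clone's .git/config once it is no longer needed, so
# the workspace left behind by the job does not hold a usable credential.
git -C "$INFRA_CLONE" remote set-url origin "https://git.dvirlabs.com/dvirlabs/infra.git"
if (( push_status != 0 )); then
  echo "ERROR: git push failed with status $push_status" >&2
  exit "$push_status"
fi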
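# === Create Cloudflare CNAMEs ===
echo "🌐 Creating CNAME records in Cloudflare..."
CLOUDFLARE_API="https://api.cloudflare.com/client/v4"
TARGET="b50bbf48-0a2f-47ce-b73e-336b6718318b.cfargotunnel.com"
ZONE_DOMAIN="dvirlabs.com"
: "${CLOUDFLARE_API_TOKEN:?CLOUDFLARE_API_TOKEN not set}"
: "${CLOUDFLARE_ZONE_ID:?CLOUDFLARE_ZONE_ID not set}"
# NOTE(review): the API token is passed on curl's command line and is visible
# to other processes on the same host while curl runs; scope the token to DNS
# edit on this one zone, and consider a header file (`curl -H @file`).

# GENERATED_FILE is a relative path. If an earlier step changed the working
# directory, stop here rather than silently creating no records.
if [[ ! -f "$GENERATED_FILE" ]]; then
  echo "ERROR: $GENERATED_FILE not found from $(pwd)" >&2
  exit 1
fi

yq eval -o=json '.ingress' "$GENERATED_FILE" | jq -c '.[]' | while IFS= read -r record; do
  fqdn=$(jq -r '.hostname' <<<"$record")

  # Only names inside the managed zone are handled. The suffix is stripped
  # from the end only; an unanchored substitution would also rewrite a name
  # that merely contains ".dvirlabs.com" somewhere in the middle.
  if [[ "$fqdn" != *".$ZONE_DOMAIN" ]]; then
    printf 'Skipping %q: not a name under %s\n' "$fqdn" "$ZONE_DOMAIN" >&2
    continue
  fi
  name=${fqdn%".$ZONE_DOMAIN"}

  # -G with --data-urlencode keeps the hostname from altering the query
  # string; --fail turns HTTP errors into a non-zero exit instead of a body
  # that is then misread as "no record".
  lookup=$(curl -sS --fail -G "$CLOUDFLARE_API/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
    --data-urlencode "type=CNAME" \
    --data-urlencode "name=$name.dvirlabs.com" \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -H "Content-Type: application/json")
  exists=$(jq -r '.result | length' <<<"$lookup")
  if [[ ! "$exists" =~ ^[0-9]+$ ]]; then
    echo "ERROR: unexpected response while looking up $name.dvirlabs.com" >&2
    exit 1
  fi

  if (( exists == 0 )); then
    echo " Creating CNAME: $name.dvirlabs.com → $TARGET"
    # Build the body with jq so the values are JSON-escaped rather than
    # concatenated into the document.
    payload=$(jq -n --arg name "$name" --arg content "$TARGET" \
      '{type: "CNAME", name: $name, content: $content, ttl: 1, proxied: true}')
    curl -sS --fail -X POST "$CLOUDFLARE_API/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
      -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
      -H "Content-Type: application/json" \
      --data "$payload" > /dev/null
  else
    echo "⚠️ CNAME for $name.dvirlabs.com already exists, skipping"
  fi
done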