setup.sh
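#!/usr/bin/env bash
# Copyright Contributors to the Open Cluster Management project
#
# Generates ./backend/.env for local development against the cluster that
# `oc` is currently logged in to. Paths are relative, so run it from the
# directory that contains this script.
#
# The shebang must be the very first line of the file to take effect; with
# the copyright comment above it, the interpreter line was ignored and the
# script ran under whatever shell happened to invoke it.

# Presumably these define BACKEND_PORT / FRONTEND_PORT / CONSOLE_PORT and
# OAUTH_CLIENT_NAME; verify against the sourced files.
source ./port-defaults.sh
source ./oauth-client-name.sh

# ./backend/.env later receives a service-account token and the OAuth client
# secret, so keep it readable by the current user only. umask covers a newly
# created file; the chmod below covers a file left over from an earlier run.
umask 077

CLUSTER_API_URL=$(oc get infrastructure cluster -o jsonpath='{.status.apiServerURL}')
OAUTH2_REDIRECT_URL=https://localhost:${FRONTEND_PORT}/multicloud/login/callback
FRONTEND_URL=https://localhost:${FRONTEND_PORT}

# Truncate and rewrite the file in one redirect. printf '%s' keeps values
# intact even if they contain spaces or glob characters.
{
  echo
  printf 'PORT=%s\n' "${BACKEND_PORT}"
  printf 'NODE_ENV=%s\n' development
  printf 'CLUSTER_API_URL=%s\n' "$CLUSTER_API_URL"
  printf 'OAUTH2_CLIENT_ID=%s\n' "$OAUTH_CLIENT_NAME"
  printf 'OAUTH2_REDIRECT_URL=%s\n' "$OAUTH2_REDIRECT_URL"
  printf 'FRONTEND_URL=%s\n' "$FRONTEND_URL"
} > ./backend/.env
chmod 600 ./backend/.env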
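# Namespace of the MultiClusterHub, if one is installed. The lookup is allowed
# to fail (`|| true`); an empty value makes the search-api route step further
# down skip itself.
INSTALLATION_NAMESPACE=$(oc get multiclusterhub -A -o jsonpath='{.items[0].metadata.namespace}' || true)

# Namespace the MultiClusterEngine deploys into; everything below needs it.
INSTALLATION_NAMESPACE_MCE=$(oc get multiclusterengine -A -o jsonpath='{.items[0].spec.targetNamespace}')
if [[ -z "$INSTALLATION_NAMESPACE_MCE" ]]; then
  # With an empty namespace the following `-n` would swallow the next
  # argument and query the wrong objects, so stop here instead.
  echo "error: could not determine the MultiClusterEngine target namespace" >&2
  exit 1
fi

SA=$(oc get serviceaccounts -n "$INSTALLATION_NAMESPACE_MCE" console-mce -o jsonpath='{.metadata.name}')
if [[ -z "$SA" ]]; then
  echo "error: service account console-mce not found in $INSTALLATION_NAMESPACE_MCE" >&2
  exit 1
fi

# Find an existing token secret bound to the service account. The account
# name is handed to jq with --arg rather than spliced into the filter text,
# so its content can never change the meaning of the filter.
SA_SECRET=$(oc get secrets -n "$INSTALLATION_NAMESPACE_MCE" -o json \
  | jq -r --arg sa "$SA" '[.items[] | select(.metadata.annotations["kubernetes.io/service-account.name"] == $sa and .type == "kubernetes.io/service-account-token")][0].metadata.name // ""')

if [[ -z "$SA_SECRET" ]]; then
  # No token secret yet: request one for the service account.
  oc apply -f - << EOF
apiVersion: v1
kind: Secret
metadata:
  name: console-mce-token
  namespace: $INSTALLATION_NAMESPACE_MCE
  annotations:
    kubernetes.io/service-account.name: $SA
type: kubernetes.io/service-account-token
EOF
  SA_SECRET="console-mce-token"
fi

# A secret created a moment ago may not carry its token data yet (presumably
# it is filled in asynchronously by the cluster; confirm), so retry briefly
# instead of writing an empty TOKEN into the env file.
SA_TOKEN=
for _ in {1..10}; do
  SA_TOKEN=$(oc get secret -n "$INSTALLATION_NAMESPACE_MCE" "${SA_SECRET}" -o="jsonpath={.data.token}" | base64 -d)
  [[ -n "$SA_TOKEN" ]] && break
  sleep 1
done
if [[ -z "$SA_TOKEN" ]]; then
  echo "error: secret ${SA_SECRET} in $INSTALLATION_NAMESPACE_MCE has no token" >&2
  exit 1
fi

# The two certificates are written exactly as stored in the secret, i.e.
# still base64-encoded; only the token is decoded.
CA_CERT=$(oc get secret -n "$INSTALLATION_NAMESPACE_MCE" "${SA_SECRET}" -o="jsonpath={.data.ca\.crt}")
SERVICE_CA_CERT=$(oc get secret -n "$INSTALLATION_NAMESPACE_MCE" "${SA_SECRET}" -o="jsonpath={.data.service-ca\.crt}")

# TOKEN is a live bearer credential for the console-mce service account:
# restrict the file to the current user before the secret lands in it, and
# keep ./backend/.env out of version control.
chmod 600 ./backend/.env
{
  printf 'TOKEN=%s\n' "$SA_TOKEN"
  printf 'CA_CERT=%s\n' "$CA_CERT"
  printf 'SERVICE_CA_CERT=%s\n' "$SERVICE_CA_CERT"
} >> ./backend/.env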
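# Create or update OAuthClient
#
# Registers the two local-development callback URLs on the cluster's
# OAuthClient and records the client secret in ./backend/.env. Note that this
# changes a cluster-scoped object: the localhost redirect URIs stay registered
# until someone removes them.
REDIRECT_URL=http://localhost:${CONSOLE_PORT}/auth/callback
REDIRECT_URL_STANDALONE=$OAUTH2_REDIRECT_URL

if ! oc get OAuthClient "$OAUTH_CLIENT_NAME" &> /dev/null; then
  # Client does not exist yet: let the template engine generate a random
  # 40-character secret. \${OAUTH_SECRET} is escaped so the shell leaves it
  # for `oc process` to substitute; the other variables are expanded here.
  oc process -f - << EOF | oc apply -f -
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  name: console-oauth-client
parameters:
  - name: OAUTH_SECRET
    generate: expression
    from: "[a-zA-Z0-9]{40}"
objects:
  - apiVersion: oauth.openshift.io/v1
    kind: OAuthClient
    metadata:
      name: ${OAUTH_CLIENT_NAME}
    grantMethod: auto
    secret: \${OAUTH_SECRET}
    redirectURIs:
      - ${REDIRECT_URL}
      - ${REDIRECT_URL_STANDALONE}
EOF
else
  # Client exists: merge our URLs into its current list. jq builds the whole
  # JSON patch and receives the URLs through --arg, so no value is pasted into
  # filter or JSON text by hand; `// []` tolerates a client that has no
  # redirectURIs field at all.
  REDIRECT_PATCH=$(oc get OAuthClient "$OAUTH_CLIENT_NAME" -o json \
    | jq -c --arg url "$REDIRECT_URL" --arg standalone "$REDIRECT_URL_STANDALONE" \
      '[{op: "add", path: "/redirectURIs", value: ([(.redirectURIs // [])[], $url, $standalone] | unique)}]')
  if [[ -n "$REDIRECT_PATCH" ]]; then
    oc patch OAuthClient "$OAUTH_CLIENT_NAME" --type json -p "$REDIRECT_PATCH"
  else
    echo "warning: could not compute redirect URIs for OAuthClient $OAUTH_CLIENT_NAME; not patched" >&2
  fi
fi

# Fetch the secret first and write the whole line in one go. Writing the key
# and the value separately left an unterminated "OAUTH2_CLIENT_SECRET=" in the
# file whenever the lookup failed, and the next appended entry was then glued
# onto that line.
OAUTH2_CLIENT_SECRET=$(oc get OAuthClient "$OAUTH_CLIENT_NAME" -o jsonpath='{.secret}')
if [[ -z "$OAUTH2_CLIENT_SECRET" ]]; then
  echo "warning: OAuthClient $OAUTH_CLIENT_NAME returned no secret" >&2
fi
printf 'OAUTH2_CLIENT_SECRET=%s\n' "$OAUTH2_CLIENT_SECRET" >> ./backend/.env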
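# Create route to the search-api service on the target cluster.
#
# Only done when a MultiClusterHub namespace was found. The route makes the
# search-search-api service reachable through the cluster's ingress
# (re-encrypted TLS, plain HTTP redirected), which is a development
# convenience; delete the route when it is no longer needed.
if [[ -n "$INSTALLATION_NAMESPACE" ]]; then
  oc apply -f - << EOF
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: search-api
  namespace: $INSTALLATION_NAMESPACE
spec:
  to:
    kind: Service
    name: search-search-api
  tls:
    termination: reencrypt
    insecureEdgeTerminationPolicy: Redirect
EOF
  # The host is read from the route's status, which can still be empty right
  # after the apply; do not record a bare "https://" in that case.
  SEARCH_API_HOST=$(oc get route search-api -n "$INSTALLATION_NAMESPACE" -o="jsonpath={.status.ingress[0].host}")
  if [[ -n "$SEARCH_API_HOST" ]]; then
    SEARCH_API_URL=https://$SEARCH_API_HOST
    printf 'SEARCH_API_URL=%s\n' "$SEARCH_API_URL" >> ./backend/.env
  else
    echo "warning: route search-api in $INSTALLATION_NAMESPACE has no host yet; SEARCH_API_URL not written" >&2
  fi
fi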