From a6dafb76ebb0a73f28ae6b7bb7002d0eba75ed9c Mon Sep 17 00:00:00 2001
From: Robert Seedorff
Date: Mon, 17 May 2021 17:29:37 +0200
Subject: [PATCH 1/4] Refactored shell script to respect namespaces
Signed-off-by: Robert Seedorff
---
 bin/install.sh | 67 +++++++++++++++++++++++++++++++-----------------
 bin/uninstall.sh | 17 +++++++-----
 2 files changed, 54 insertions(+), 30 deletions(-)
diff --git a/bin/install.sh b/bin/install.sh
index 41c3372702..1da831192d 100755
--- a/bin/install.sh
+++ b/bin/install.sh
@@ -33,6 +33,11 @@ INSTALL_INTERACTIVE=''
 INSTALL_SCANNERS=''
 INSTALL_DEMO_APPS=''
 INSTALL_HOOKS=''
+INSTALL_NAMESPACED="false"
+
+SCB_SYSTEM_NAMESPACE='securecodebox-system'
+SCB_DEMO_NAMESPACE='demo-apps'
+SCB_NAMESPACE='default'
 function print() {
 if [[ $# == 0 ]]; then
@@ -56,9 +61,9 @@ The installation is interactive if no arguments are provided.
 Options
 --all Install scanners, demo-apps and hooks
- --scanners Install scanners
- --demo-apps Install demo-apps
- --hooks Install hooks
+ --scanners Install scanners (namespace: default)
+ --demo-apps Install demo-apps (namespace: default)
+ --hooks Install hooks (namespace: default)
 -h|--help Show help
 Examples:
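Review bot: `INSTALL_NAMESPACED` is initialised in the first hunk of bin/install.sh, but no hunk in this series reads it; patches 2/4 and 3/4 only change its initial value. Either connect it to the option handling it was meant for or drop it, so the script does not suggest a namespaced mode that is not implemented. The three `SCB_*_NAMESPACE` values are also repeated verbatim in bin/uninstall.sh later in this patch; a comment such as `# keep in sync with bin/uninstall.sh` above them would make that coupling visible.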
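Review bot: The help text now says `--demo-apps` installs into `default`, but unattendedInstall in this same patch installs demo-apps into `$SCB_DEMO_NAMESPACE`, which is set to `demo-apps`. The option line should read `--demo-apps Install demo-apps (namespace: demo-apps)`, or be built from the variables so the text cannot drift from the behaviour. The usage text this hunk belongs to starts and ends outside the hunk.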
@@ -100,19 +105,19 @@ function exitIfHelmIsNotInstalled() {
 fi
 }
-# Create namespace securecodebox-system and install Operator there in one step,
+# Create namespace 'securecodebox-system' and install Operator there in one step,
 # because the namespace is not used otherwise
 function createNamespaceAndInstallOperator() {
 print
- print "Creating namespace securecodebox-system"
- kubectl create namespace securecodebox-system || print "Namespace already exists..."
+ print "Creating namespace $SCB_SYSTEM_NAMESPACE"
+ kubectl create namespace $SCB_SYSTEM_NAMESPACE || print "Namespace '$SCB_SYSTEM_NAMESPACE' already exists..."
- print "Installing the operator in the securecodebox-system namespace"
+ print "Installing the operator in the '$SCB_SYSTEM_NAMESPACE' namespace"
- if [[ $(helm -n securecodebox-system upgrade --install securecodebox-operator "$BASE_DIR"/operator/) ]]; then
- print "$COLOR_OK" "Successfully installed the operator!"
+ if [[ $(helm -n $SCB_SYSTEM_NAMESPACE upgrade --install securecodebox-operator "$BASE_DIR"/operator/) ]]; then
+ print "$COLOR_OK" "Successfully installed the operator in namespace '$SCB_SYSTEM_NAMESPACE'!"
 else
- print "$COLOR_ERROR" "Operator installation failed, cancelling..." && exit 1
+ print "$COLOR_ERROR" "Operator installation failed in namespace '$SCB_SYSTEM_NAMESPACE', cancelling..." && exit 1
 fi
 }
@@ -176,10 +181,6 @@ function welcomeToInteractiveInstall() {
 }
 function interactiveInstall() {
- print
- print "Starting to install scanners..."
- installResources "$BASE_DIR/scanners" "default" False
-
 print
 print "Starting to install demo-apps..."
 print "Do you want to install the demo apps in a separate namespace? Otherwise they will be installed into the [default] namespace [y/N]"
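Review bot: The success check in createNamespaceAndInstallOperator, `[[ $(helm … upgrade --install …) ]]`, tests whether helm wrote anything to stdout rather than its exit status, and it also swallows helm's output. Testing the status keeps both branches as they are: `if helm -n "$SCB_SYSTEM_NAMESPACE" upgrade --install securecodebox-operator "$BASE_DIR/operator/"; then`. On the `kubectl create namespace` line, the `|| print "… already exists..."` fallback reports every kubectl failure, including missing cluster access or permissions, as an existing namespace. `kubectl get namespace "$SCB_SYSTEM_NAMESPACE" >/dev/null 2>&1 || kubectl create namespace "$SCB_SYSTEM_NAMESPACE"` separates the two cases.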
@@ -188,14 +189,29 @@ function interactiveInstall() {
 if [[ $line == *[Yy] ]]; then
 print "Please provide a name for the namespace:"
 read -r NAMESPACE
- kubectl create namespace "$NAMESPACE" || print "Namespace already exists or could not be created.. "
+ kubectl create namespace "$NAMESPACE" || print "Namespace '$NAMESPACE' already exists or could not be created.. "
 fi
 installResources "$BASE_DIR/demo-apps" "$NAMESPACE" False
+ print
+ print "Starting to install 'scanners' and 'hooks'..."
+ print "Do you want to install the secureCodeBox 'scanners' and 'hooks' in a separate namespace? Otherwise they will be installed into the [default] namespace [y/N]"
+ read -r line
+ NAMESPACE="default"
+ if [[ $line == *[Yy] ]]; then
+ print "Please provide a name for the namespace:"
+ read -r NAMESPACE
+ kubectl create namespace "$NAMESPACE" || print "Namespace '$NAMESPACE' already exists or could not be created.. "
+ fi
+
 print
 print "Starting to install hooks..."
- installResources "$BASE_DIR/hooks" "default" False
+ installResources "$BASE_DIR/hooks" "$NAMESPACE" False
+
+ print
+ print "Starting to install scanners..."
+ installResources "$BASE_DIR/scanners" "$NAMESPACE" False
 print
 print "$COLOR_OK" "Information about your cluster:"
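Review bot: The namespace name taken by the added `read -r NAMESPACE` is used without any check, so an empty answer reaches `kubectl create namespace ""` and then both `installResources` calls with an empty namespace. A guard directly after the read rejects empty and malformed names before anything is installed: `[[ "$NAMESPACE" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]] || { print "$COLOR_ERROR" "Invalid namespace name '$NAMESPACE'"; exit 1; }`. The same prompt-read-create sequence already exists for the demo apps a few lines up, so a small helper taking the prompt text would remove the duplication. interactiveInstall starts and ends outside this hunk.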
@@ -210,19 +226,22 @@ function interactiveInstall() {
 }
 function unattendedInstall() {
- if [[ -n "${INSTALL_SCANNERS}" ]]; then
- print "Starting to install scanners..."
- installResources "$BASE_DIR/scanners" "default" True
+ if [[ -n "${INSTALL_DEMO_APPS}" ]]; then
+ print "Starting to install 'demo-apps' into namespace '$SCB_DEMO_NAMESPACE' ..."
+ kubectl create namespace "$SCB_DEMO_NAMESPACE" || print "Namespace '$SCB_DEMO_NAMESPACE' already exists or could not be created.. "
+ installResources "$BASE_DIR/demo-apps" "$SCB_DEMO_NAMESPACE" True
 fi
- if [[ -n "${INSTALL_DEMO_APPS}" ]]; then
- print "Starting to install demo-apps..."
- installResources "$BASE_DIR/demo-apps" "default" True
+ if [[ -n "${INSTALL_SCANNERS}" ]]; then
+ print "Starting to install 'scanners' into namespace '$SCB_NAMESPACE' ..."
+ kubectl create namespace "$SCB_NAMESPACE" || print "Namespace '$SCB_NAMESPACE' already exists or could not be created.. "
+ installResources "$BASE_DIR/scanners" "$SCB_NAMESPACE" True
 fi
 if [[ -n "${INSTALL_HOOKS}" ]]; then
- print "Starting to install hooks..."
- installResources "$BASE_DIR/hooks" "default" True
+ print "Starting to install 'hooks' into namespace '$SCB_NAMESPACE' ..."
+ kubectl create namespace "$SCB_NAMESPACE" || print "Namespace '$SCB_NAMESPACE' already exists or could not be created.. "
+ installResources "$BASE_DIR/hooks" "$SCB_NAMESPACE" True
 fi
 print "$COLOR_OK" "Finished installation successfully!"
diff --git a/bin/uninstall.sh b/bin/uninstall.sh
index 7af87d7c33..653c0ddf14 100755
--- a/bin/uninstall.sh
+++ b/bin/uninstall.sh
@@ -15,8 +15,13 @@ shopt -s extglob
 BASE_DIR=$(dirname "${SCRIPT_DIRECTORY}")
+SCB_SYSTEM_NAMESPACE='securecodebox-system'
+SCB_DEMO_NAMESPACE='demo-apps'
+SCB_NAMESPACE='default'
+
 function uninstallResources() {
 local resource_directory="$1"
+ local namespace="$2"
 local resources=()
 for path in "$resource_directory"/*; do
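Review bot: With `SCB_NAMESPACE='default'`, the two added `kubectl create namespace "$SCB_NAMESPACE"` calls in unattendedInstall fail on every run because `default` always exists. The fallback message also covers real failures, after which `installResources` still runs and the function prints "Finished installation successfully!". Create the namespace only when it is missing and stop on a real error, `kubectl get namespace "$SCB_NAMESPACE" >/dev/null 2>&1 || kubectl create namespace "$SCB_NAMESPACE" || exit 1`, and do it once before the scanners and hooks blocks. The same applies to the `$SCB_DEMO_NAMESPACE` block; the function's end is outside the hunk.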
@@ -28,14 +33,14 @@ function uninstallResources() {
 for resource in "${resources[@]}"; do
 local resource_name="${resource//+([_])/-}" # Necessary because ssh_scan is called ssh-scan
- helm uninstall "$resource_name" || true
+ helm uninstall "$resource_name" -n $namespace || true
 done
 }
-helm -n securecodebox-system uninstall securecodebox-operator || true
+helm -n $SCB_SYSTEM_NAMESPACE uninstall securecodebox-operator || true
-uninstallResources "$BASE_DIR/scanners"
-uninstallResources "$BASE_DIR/demo-apps"
-uninstallResources "$BASE_DIR/hooks"
+uninstallResources "$BASE_DIR/demo-apps" "$SCB_DEMO_NAMESPACE"
+uninstallResources "$BASE_DIR/scanners" "$SCB_NAMESPACE"
+uninstallResources "$BASE_DIR/hooks" "$SCB_NAMESPACE"
-kubectl delete namespaces securecodebox-system || true
+kubectl delete namespaces $SCB_SYSTEM_NAMESPACE || true
From 36d2c83fbeb776594a7f9b397c1c0edc8aa5fbe1 Mon Sep 17 00:00:00 2001
From: Robert Seedorff
Date: Wed, 16 Jun 2021 22:28:39 +0200
Subject: [PATCH 2/4] Fixed stuff after review feeback. Thx for your suggestions!
Signed-off-by: Robert Seedorff
---
 bin/install.sh | 20 ++++++++++----------
 bin/uninstall.sh | 6 +++---
 2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/bin/install.sh b/bin/install.sh
index 1da831192d..928d566b40 100755
--- a/bin/install.sh
+++ b/bin/install.sh
@@ -33,7 +33,7 @@ INSTALL_INTERACTIVE=''
 INSTALL_SCANNERS=''
 INSTALL_DEMO_APPS=''
 INSTALL_HOOKS=''
-INSTALL_NAMESPACED="false"
+INSTALL_NAMESPACED='false'
 SCB_SYSTEM_NAMESPACE='securecodebox-system'
 SCB_DEMO_NAMESPACE='demo-apps'
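Review bot: In the bin/uninstall.sh hunk of patch 1/4 (`@@ -28,14 +33,14 @@`), releases are looked up only in the fixed namespaces `$SCB_DEMO_NAMESPACE` and `$SCB_NAMESPACE`, while interactiveInstall in bin/install.sh lets the user choose arbitrary namespaces. Releases installed there are left behind, and `|| true` hides the resulting helm errors. Allowing an override where the constants are defined, e.g. `SCB_NAMESPACE="${SCB_NAMESPACE:-default}"`, would let the uninstall mirror what was installed. The script also deletes only `$SCB_SYSTEM_NAMESPACE`, so the `demo-apps` namespace created by unattendedInstall remains; if that is intended, say so in a comment next to the `kubectl delete namespaces` line.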
@@ -109,15 +109,15 @@ function exitIfHelmIsNotInstalled() {
 # because the namespace is not used otherwise
 function createNamespaceAndInstallOperator() {
 print
- print "Creating namespace $SCB_SYSTEM_NAMESPACE"
- kubectl create namespace $SCB_SYSTEM_NAMESPACE || print "Namespace '$SCB_SYSTEM_NAMESPACE' already exists..."
+ print "Creating namespace $SCB_SYSTEM_NAMESPACE..."
+ kubectl create namespace $SCB_SYSTEM_NAMESPACE || print "Namespace '$SCB_SYSTEM_NAMESPACE' already exists!"
 print "Installing the operator in the '$SCB_SYSTEM_NAMESPACE' namespace"
- if [[ $(helm -n $SCB_SYSTEM_NAMESPACE upgrade --install securecodebox-operator "$BASE_DIR"/operator/) ]]; then
+ if [[ $(helm -n "$SCB_SYSTEM_NAMESPACE" upgrade --install securecodebox-operator "$BASE_DIR/operator/") ]]; then
 print "$COLOR_OK" "Successfully installed the operator in namespace '$SCB_SYSTEM_NAMESPACE'!"
 else
- print "$COLOR_ERROR" "Operator installation failed in namespace '$SCB_SYSTEM_NAMESPACE', cancelling..." && exit 1
+ print "$COLOR_ERROR" "Operator installation failed in namespace '$SCB_SYSTEM_NAMESPACE', cancelling installation!" && exit 1
 fi
 }
@@ -189,7 +189,7 @@ function interactiveInstall() {
 if [[ $line == *[Yy] ]]; then
 print "Please provide a name for the namespace:"
 read -r NAMESPACE
- kubectl create namespace "$NAMESPACE" || print "Namespace '$NAMESPACE' already exists or could not be created.. "
+ kubectl create namespace "$NAMESPACE" || print "Namespace '$NAMESPACE' already exists or could not be created!"
 fi
 installResources "$BASE_DIR/demo-apps" "$NAMESPACE" False
@@ -202,7 +202,7 @@ function interactiveInstall() {
 if [[ $line == *[Yy] ]]; then
 print "Please provide a name for the namespace:"
 read -r NAMESPACE
- kubectl create namespace "$NAMESPACE" || print "Namespace '$NAMESPACE' already exists or could not be created.. "
+ kubectl create namespace "$NAMESPACE" || print "Namespace '$NAMESPACE' already exists or could not be created!"
 fi
 print
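Review bot: The helm call in createNamespaceAndInstallOperator is now quoted, but the rewritten `kubectl create namespace $SCB_SYSTEM_NAMESPACE` two lines above it still expands the variable unquoted. Quote it the same way: `kubectl create namespace "$SCB_SYSTEM_NAMESPACE" || print "Namespace '$SCB_SYSTEM_NAMESPACE' already exists or could not be created!"`. That wording also matches the other messages changed in this patch, whereas "already exists!" is printed here for any kubectl failure.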
@@ -228,19 +228,19 @@ function interactiveInstall() {
 function unattendedInstall() {
 if [[ -n "${INSTALL_DEMO_APPS}" ]]; then
 print "Starting to install 'demo-apps' into namespace '$SCB_DEMO_NAMESPACE' ..."
- kubectl create namespace "$SCB_DEMO_NAMESPACE" || print "Namespace '$SCB_DEMO_NAMESPACE' already exists or could not be created.. "
+ kubectl create namespace "$SCB_DEMO_NAMESPACE" || print "Namespace '$SCB_DEMO_NAMESPACE' already exists or could not be created!"
 installResources "$BASE_DIR/demo-apps" "$SCB_DEMO_NAMESPACE" True
 fi
 if [[ -n "${INSTALL_SCANNERS}" ]]; then
 print "Starting to install 'scanners' into namespace '$SCB_NAMESPACE' ..."
- kubectl create namespace "$SCB_NAMESPACE" || print "Namespace '$SCB_NAMESPACE' already exists or could not be created.. "
+ kubectl create namespace "$SCB_NAMESPACE" || print "Namespace '$SCB_NAMESPACE' already exists or could not be created!"
 installResources "$BASE_DIR/scanners" "$SCB_NAMESPACE" True
 fi
 if [[ -n "${INSTALL_HOOKS}" ]]; then
 print "Starting to install 'hooks' into namespace '$SCB_NAMESPACE' ..."
- kubectl create namespace "$SCB_NAMESPACE" || print "Namespace '$SCB_NAMESPACE' already exists or could not be created.. "
+ kubectl create namespace "$SCB_NAMESPACE" || print "Namespace '$SCB_NAMESPACE' already exists or could not be created!"
 installResources "$BASE_DIR/hooks" "$SCB_NAMESPACE" True
 fi
diff --git a/bin/uninstall.sh b/bin/uninstall.sh
index 653c0ddf14..597fb17c67 100755
--- a/bin/uninstall.sh
+++ b/bin/uninstall.sh
@@ -33,14 +33,14 @@ function uninstallResources() {
 for resource in "${resources[@]}"; do
 local resource_name="${resource//+([_])/-}" # Necessary because ssh_scan is called ssh-scan
- helm uninstall "$resource_name" -n $namespace || true
+ helm uninstall "$resource_name" -n "$namespace" || true
 done
 }
-helm -n $SCB_SYSTEM_NAMESPACE uninstall securecodebox-operator || true
+helm -n "$SCB_SYSTEM_NAMESPACE" uninstall securecodebox-operator || true
 uninstallResources "$BASE_DIR/demo-apps" "$SCB_DEMO_NAMESPACE"
 uninstallResources "$BASE_DIR/scanners" "$SCB_NAMESPACE"
 uninstallResources "$BASE_DIR/hooks" "$SCB_NAMESPACE"
-kubectl delete namespaces $SCB_SYSTEM_NAMESPACE || true
+kubectl delete namespaces "$SCB_SYSTEM_NAMESPACE" || true
From 97b4bfb19b1f34bda2f5c5c769b5d94264ac58e4 Mon Sep 17 00:00:00 2001
From: Robert Seedorff
Date: Fri, 2 Jul 2021 21:54:15 +0200
Subject: [PATCH 3/4] Improvement based on review feedback
Signed-off-by: Robert Seedorff
---
 bin/install.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/bin/install.sh b/bin/install.sh
index 8b92cc4d0e..84ef00c51e 100755
--- a/bin/install.sh
+++ b/bin/install.sh
@@ -37,7 +37,7 @@ INSTALL_INTERACTIVE=''
 INSTALL_SCANNERS=''
 INSTALL_DEMO_TARGETS=''
 INSTALL_HOOKS=''
-INSTALL_NAMESPACED='false'
+INSTALL_NAMESPACED=''
 SCB_SYSTEM_NAMESPACE='securecodebox-system'
 SCB_DEMO_NAMESPACE='demo-targets'
@@ -209,11 +209,11 @@ function interactiveInstall() {
 print
 print "Starting to install hooks..."
- installResources "$BASE_DIR/hooks" "$NAMESPACE" False
+ installResources "$BASE_DIR/hooks" "$NAMESPACE" ""
 print
 print "Starting to install scanners..."
- installResources "$BASE_DIR/scanners" "$NAMESPACE" False
+ installResources "$BASE_DIR/scanners" "$NAMESPACE" ""
 print
 print "$COLOR_OK" "Information about your cluster:"
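Review bot: Patch 3/4 changes the third argument of `installResources` from `False`/`True` to `""`/`"true"`, but the `@@ -209,11 +209,11 @@` hunk covers only the hooks and scanners calls of interactiveInstall. The demo install call earlier in that function passed `False` in patch 1/4 and is not touched here. If it still does, and installResources (not shown in this diff) tests the argument for emptiness, the non-empty string `False` would count as set. Check that call, and document the contract in a header comment on installResources, for example `# $3 - unattended flag: "true" or empty string`.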
@@ -231,13 +231,13 @@ function unattendedInstall() {
 if [[ -n "${INSTALL_DEMO_APPS}" ]]; then
 print "Starting to install 'demo-targets' into namespace '$SCB_DEMO_NAMESPACE' ..."
 kubectl create namespace "$SCB_DEMO_NAMESPACE" || print "Namespace '$SCB_DEMO_NAMESPACE' already exists or could not be created!"
- installResources "$BASE_DIR/demo-targets" "$SCB_DEMO_NAMESPACE" True
+ installResources "$BASE_DIR/demo-targets" "$SCB_DEMO_NAMESPACE" "true"
 fi
 if [[ -n "${INSTALL_SCANNERS}" ]]; then
 print "Starting to install 'scanners' into namespace '$SCB_NAMESPACE' ..."
 kubectl create namespace "$SCB_NAMESPACE" || print "Namespace '$SCB_NAMESPACE' already exists or could not be created!"
- installResources "$BASE_DIR/scanners" "$SCB_NAMESPACE" True
+ installResources "$BASE_DIR/scanners" "$SCB_NAMESPACE" "true"
 fi
 if [[ -n "${INSTALL_HOOKS}" ]]; then
From 08552bacec18f01efd01ccd7325554b723eb79fb Mon Sep 17 00:00:00 2001
From: Robert Seedorff
Date: Fri, 2 Jul 2021 21:56:06 +0200
Subject: [PATCH 4/4] Fixed last issue
Signed-off-by: Robert Seedorff
---
 bin/install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install.sh b/bin/install.sh
index 84ef00c51e..adb969e6f9 100755
--- a/bin/install.sh
+++ b/bin/install.sh
@@ -243,7 +243,7 @@ function unattendedInstall() {
 if [[ -n "${INSTALL_HOOKS}" ]]; then
 print "Starting to install 'hooks' into namespace '$SCB_NAMESPACE' ..."
 kubectl create namespace "$SCB_NAMESPACE" || print "Namespace '$SCB_NAMESPACE' already exists or could not be created!"
- installResources "$BASE_DIR/hooks" "$SCB_NAMESPACE" True
+ installResources "$BASE_DIR/hooks" "$SCB_NAMESPACE" "true"
 fi
 print "$COLOR_OK" "Finished installation successfully!"
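Review bot: The first block of unattendedInstall in the `@@ -231,13 +231,13 @@` hunk still tests `${INSTALL_DEMO_APPS}`, while the variable initialised at the top of this file version is `INSTALL_DEMO_TARGETS` (context of the `@@ -37,7 +37,7 @@` hunk in the same patch). Unless the option handling, which is not shown, still sets the old name, the demo-targets block is never entered in unattended mode. The condition should read `if [[ -n "${INSTALL_DEMO_TARGETS}" ]]; then`. That line is context rather than part of the change, but the patch edits the block it guards.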