Merge branch 'master' into bump-automation-flavors-versions-pr-206

stackrox · Jun 13, 2024 · 2b96af1 · 2b96af1
2 parents b40a28b + 86c0a53
commit 2b96af1
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 18 deletions.
diff --git a/Makefile b/Makefile
@@ -257,23 +257,23 @@ bounce-argo-pods:
 ## Secrets ##
 #############
 .PHONY: secrets-download
-secrets-download: pre-check
+secrets-download:
  @./scripts/deploy/secrets.sh download_secrets $(ENVIRONMENT)
 
 .PHONY: secrets-upload
-secrets-upload: pre-check
+secrets-upload:
  @./scripts/deploy/secrets.sh upload_secrets $(ENVIRONMENT) $(SECRET_VERSION)
 
 .PHONY: secrets-show
-secrets-show: pre-check
+secrets-show:
  @./scripts/deploy/secrets.sh show $(ENVIRONMENT) $(SECRET_VERSION)
 
 .PHONY: secrets-edit
-secrets-edit: pre-check
+secrets-edit:
  @./scripts/deploy/secrets.sh edit $(ENVIRONMENT) $(SECRET_VERSION)
 
 .PHONY: secrets-revert
-secrets-revert: pre-check
+secrets-revert:
  @./scripts/deploy/secrets.sh revert $(ENVIRONMENT) $(SECRET_VERSION)
 
 ##################

diff --git a/chart/infra-server/static/flavors.yaml b/chart/infra-server/static/flavors.yaml
@@ -157,7 +157,7 @@
 
  - name: machine-type
  description: node machine type
- value: e2-standard-4
+ value: e2-standard-8
  kind: optional
 
  - name: k8s-version

diff --git a/scripts/deploy/secrets.sh b/scripts/deploy/secrets.sh
@@ -6,17 +6,7 @@ TASK="$1"
 ENVIRONMENT="$2"
 SECRET_VERSION="${3:-latest}"
 
-PROJECT="stackrox-infra"
-
-check_not_empty() {
- for V in "$@"; do
- typeset -n VAR="$V"
- if [ -z "${VAR:-}" ]; then
- echo "ERROR: Variable $V is not set or empty"
- exit 1
- fi
- done
-}
+PROJECT="${INFRA_GCP_PROJECT:-acs-team-automation}"
 
 # Downloads secrets files for an ENVIRONMENT.
 download_secrets() {
@@ -96,5 +86,4 @@ revert() {
  upload_secrets
 }
 
-check_not_empty TASK ENVIRONMENT
 eval "$TASK"
diff --git a/scripts/orphan-clusters/gke-destroyer.sh b/scripts/orphan-clusters/gke-destroyer.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+set -euo pipefail
+
+if [[ "$#" -lt "2" ]]; then
+ >&2 echo "Usage: gke-destroyer.sh <prefix> <workflow>"
+ exit 6
+fi
+
+PREFIX="${1}"
+WORKFLOW_NAME="${2}"
+CLUSTER_NAME="$(kubectl get workflow "${WORKFLOW_NAME}" -o yaml | yq '.metadata.labels["infra.stackrox.com/cluster-id"]')"
+
+TIMESTAMP=$(date +%s)
+RUNNER_NAME="${PREFIX}-${CLUSTER_NAME}-destroyer-${TIMESTAMP}"
+AUTOMATION_FLAVORS_TAG=$(yq '.annotations.automationFlavorsVersion' chart/infra-server/Chart.yaml)
+
+manifest=$(cat <<EOF
+apiVersion: v1
+kind: Pod
+metadata:
+ name: ${RUNNER_NAME}
+spec:
+ containers:
+ - name: destroy
+ image: quay.io/stackrox-io/ci:automation-flavors-gke-default-${AUTOMATION_FLAVORS_TAG}
+ imagePullPolicy: Always
+ command:
+ - /usr/bin/entrypoint
+ args:
+ - destroy
+ - --name=${CLUSTER_NAME}
+ - --gcp-project=acs-team-temp-dev
+ env:
+ - name: GOOGLE_CREDENTIALS
+ valueFrom:
+ secretKeyRef:
+ name: google-credentials
+ key: google-credentials.json
+ volumeMounts:
+ - mountPath: /tmp
+ name: credentials
+ volumes:
+ - name: credentials
+ secret:
+ defaultMode: 420
+ secretName: google-credentials
+ restartPolicy: Never
+EOF
+)
+
+echo "${manifest}" | kubectl apply -f -
+
+sleep 20
+
+kubectl logs -f "${RUNNER_NAME}"