airship/charts
Code Issues Proposed changes
charts/tools/gate/jarvis/010-pre-setup.sh
Dustin Specker e9696dca0a feat: support setting up Vagrant behind corporate proxy with TLS 
This is a squashed commit, keeping previous messages intact for history.

- chore(tools/gate/jarvis): remove unused http_proxy

- fix(tools/gate/deploy-k8s): pre-pull Calico images

By pre-pulling Calico images, we can better ensure the timeout for
`kubectl wait` for `k8s-app=kube-dns` is sufficient, since most of the
time spent is on pulling images.

- fix(tools/gate/jarvis): skip loki Helm test when proxy is set

The Loki test attempts to install `curl` and `jq`, which will fail when
a proxy is required since the pod doesn't setup proxy environment
variables.

- feat(tools/deployment/vagrant): support providing a cert for proxy

- feat(ubuntu-base/standard-container): support internal-certs

The Vagrant file mounts an additional synced folder to
/airship_charts/tools/gate/jarvis/ubuntu-base/internal-certs.

This internal-certs dir has been added to this Git repository using a
placeholder `.gitkeep` file to keep the directory non-empty. This
directory has also been added to .gitignore to prevent any changes such
as the mounted internal certs from being committed.

The ubuntu-base image sets the proxy env vars as well as contains the
internal certs. The standard container is then based on the ubuntu-base
image.

The ubuntu-base image is published as library/ubuntu:focal in harbor.

- fix(tools/gate/jarvis): support Harbor behind proxy with cert

Change-Id: I602dfa3b04b798a1a2096242ffb6dfe7f2ba92e4
2021-03-08 08:56:29 -06:00

22 lines
850 B
Bash
Executable File
Raw Blame History

#!/bin/bash
set -ex
# NOTE: Use this script to perform necessary actions prior to start of the main
# deployment.
# Add the necessary corporate nameserver to systemd-resolved so it
# propagates properly and prevent it from overwriting.
# Replace 123.123.123.4 with the correct IP
: "${PRIVATE_NS:=""}"
if [ -n "${PRIVATE_NS}" ]; then
sudo -E sed -i -e 's/^DNS=/#DNS=/' /etc/systemd/resolved.conf
sudo -E sed -i -e "/^\[Resolve\]$/a DNS=${PRIVATE_NS}" /etc/systemd/resolved.conf
sudo rm -f /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
sudo systemctl restart systemd-resolved
fi
# Update CA certificates in case internal certs have been mounted to /usr/share/local/ca-certificates
# via Vagrantfile. Need to run update-ca-certificates before any `curl`, etc. commands are done.
sudo update-ca-certificates
View Git Blame Copy Permalink