diff --git a/.buildkite/build.pipeline.yml b/.buildkite/build.pipeline.yml
new file mode 100644
index 0000000..a41d014
--- /dev/null
+++ b/.buildkite/build.pipeline.yml
@@ -0,0 +1,6 @@
+steps:
+
+ - label: Build Docker image
+ command:
+ - gcloud docker -- build --tag gcr.io/infolinks-gcr/k8s-ingress-networks:${BUILDKITE_COMMIT} .
+ - gcloud docker -- push gcr.io/infolinks-gcr/k8s-ingress-networks:${BUILDKITE_COMMIT}
diff --git a/.buildkite/release.pipeline.yml b/.buildkite/release.pipeline.yml
new file mode 100644
index 0000000..5a9384a
--- /dev/null
+++ b/.buildkite/release.pipeline.yml
@@ -0,0 +1,9 @@
+steps:
+
+ - label: Build versioned Docker image
+ command:
+ - gcloud docker -- pull gcr.io/infolinks-gcr/k8s-ingress-networks:${BUILDKITE_COMMIT}
+ - gcloud docker -- tag gcr.io/infolinks-gcr/k8s-ingress-networks:${BUILDKITE_COMMIT} infolinks/k8s-ingress-networks:${VERSION}
+ - gcloud docker -- push infolinks/k8s-ingress-networks:${VERSION}
+ - gcloud docker -- tag gcr.io/infolinks-gcr/k8s-ingress-networks:${BUILDKITE_COMMIT} infolinks/k8s-ingress-networks:latest
+ - gcloud docker -- push infolinks/k8s-ingress-networks:latest
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index da695a9..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-language: generic
-sudo: required
-services:
- - docker
-before_script:
- - docker login -u "${DOCKERHUB_USERNAME}" -p "${DOCKERHUB_PASSWORD}"
-script:
- - .travis/build.sh
-after_script:
- - |
- if [[ "${TRAVIS_BRANCH}" == "master" ]]; then
- docker run infolinks/github-release \
- --token="${GITHUB_ACCESS_TOKEN}" \
- --repo="${TRAVIS_REPO_SLUG}" \
- --commit="${TRAVIS_COMMIT}"
- fi
diff --git a/.travis/build.sh b/.travis/build.sh
deleted file mode 100755
index 8dda5fa..0000000
--- a/.travis/build.sh
+++ /dev/null
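Review bot: The `Build Docker image` step has no `branches` filter, so every build Buildkite runs for this pipeline pushes an image to `gcr.io/infolinks-gcr/k8s-ingress-networks` under its commit tag, and the release pipeline later promotes whatever sits under that tag. Whether builds of third-party pull requests are enabled is a pipeline setting not visible in this diff; if they are, code that has not been reviewed can publish into the registry releases are cut from, so I would restrict the step (for example `branches: "master"`) or send such builds to a separate repository. Separately, `gcloud docker --` is a deprecated wrapper; configuring the credential helper once on the agent with `gcloud auth configure-docker` and calling plain `docker build` / `docker push` avoids depending on it.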
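Review bot: Nothing in the `Build versioned Docker image` step checks `${VERSION}` before it becomes a Docker Hub tag, whereas the removed `.travis/build.sh` only published when the tag matched `^v[0-9]+$`. Where `VERSION` is set is not visible in this diff; an empty or mistyped value gives either an invalid image reference or an unintended published tag, and `latest` is moved in the same run. I would add a first command that fails unless `VERSION` matches the old pattern, plus a comment above `command:` saying who supplies `VERSION` and which agent credentials perform the Docker Hub push, since the `docker login` from `.travis.yml` has no counterpart here. Because promotion goes through the mutable `${BUILDKITE_COMMIT}` tag, logging the digest of the pulled image would make each release traceable to exact bits.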
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-docker build -t infolinks/k8s-ingress-networks:${TRAVIS_COMMIT} .
-
-if [[ ${TRAVIS_TAG} =~ ^v[0-9]+$ ]]; then
- docker tag infolinks/k8s-ingress-networks:${TRAVIS_COMMIT} infolinks/k8s-ingress-networks:${TRAVIS_TAG}
- docker push infolinks/k8s-ingress-networks:${TRAVIS_TAG}
- docker tag infolinks/k8s-ingress-networks:${TRAVIS_COMMIT} infolinks/k8s-ingress-networks:latest
- docker push infolinks/k8s-ingress-networks:latest
-fi
diff --git a/README.md b/README.md
index de0bb77..62fa28a 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,9 @@ # k8s-ingress-networks -[![Build Status](https://travis-ci.org/infolinks/k8s-ingress-networks.svg?branch=master)](https://travis-ci.org/infolinks/k8s-ingress-networks) +[![Build status](https://badge.buildkite.com/6cf1a63094e63e217070a9ed4bbdebf744984160cdd34d4f05.svg)](https://buildkite.com/infolinks/k8s-ingress-networks) Container for continually ensuring that a Kubernetes Ingress resources is restricted only to a set of whitelisted -networks (CIDR ranges) based on a list of named networks. +networks (CIDR ranges) based on a list of named networks. This container will:
@@ -18,7 +18,7 @@ between network names and CIDR ranges. When running externally to a Kubernetes cluster, make sure that you configure `kubectl` to properly access your cluster. -If this container is running inside a Kubernetes cluster, you just need to make sure the `Pod` running this container +If this container is running inside a Kubernetes cluster, you just need to make sure the `Pod` running this container has the RBAC permissions to use `kubectl`. ## Contributions
diff --git a/scan-ingress-networks.sh b/scan-ingress-networks.sh
index fa25278..db5fef8 100755
--- a/scan-ingress-networks.sh
+++ b/scan-ingress-networks.sh
@@ -1,13 +1,16 @@
 #!/usr/bin/env bash
-CONFIG_MAP_NAMESPACE=${CONFIG_MAP_NAMESPACE}
-if [[ -z "${CONFIG_MAP_NAMESPACE}" ]]; then
- echo "Environment variable 'CONFIG_MAP_NAMESPACE' not defined" >&2
- exit 1
+# small IntelliJ hack to prevent warning on non-existing variables
+if [[ "THIS_WILL_NEVER_BE_TRUE" == "true" ]]; then
+ CONFIG_MAP_NAMESPACE=${CONFIG_MAP_NAMESPACE}
+ CONFIG_MAP_NAME=${CONFIG_MAP_NAME}
 fi
-CONFIG_MAP_NAME=${CONFIG_MAP_NAME}
-if [[ -z "${CONFIG_MAP_NAME}" ]]; then
+# validate required parameters
+if [[ -z "${CONFIG_MAP_NAMESPACE}" ]]; then
+ echo "environment variable 'CONFIG_MAP_NAMESPACE' not defined" >&2
+ exit 1
+elif [[ -z "${CONFIG_MAP_NAME}" ]]; then
 echo "Environment variable 'CONFIG_MAP_NAME' not defined" >&2
 exit 1
 fi
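Review bot: The `THIS_WILL_NEVER_BE_TRUE` block is dead code kept only to quiet an IDE inspection, and it sits directly in front of the checks that decide whether the script may run at all. Bash's `:?` expansion gives the same fail-fast behaviour without it: `: "${CONFIG_MAP_NAMESPACE:?environment variable 'CONFIG_MAP_NAMESPACE' not defined}"`, and the same line for `CONFIG_MAP_NAME`. If the if/elif form stays, the two messages should agree in case (`environment variable` vs `Environment variable`), and the comment should state that the self-assignments never execute. The script continues outside this hunk, so how the two values are used afterwards is not visible here.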