@@ -11,6 +11,10 @@ CERT_MASTER_EMAIL="${CERT_MASTER_EMAIL:-certmaster@example.com}"
1111# default is set to TRUE to deploy it unless changed
1212DEPLOY_CERT_MANAGER=" ${DEPLOY_CERT_MANAGER:- TRUE} "
1313
14+ # DEPLOY_CALLING_SERVICES env variable is used to decide if sftd and coturn should get deployed
15+ # default is set to TRUE to deploy them unless changed
16+ DEPLOY_CALLING_SERVICES=" ${DEPLOY_CALLING_SERVICES:- TRUE} "
17+
1418# DUMP_LOGS_ON_FAIL to dump logs on failure
1519# it is false by default
1620DUMP_LOGS_ON_FAIL=" ${DUMP_LOGS_ON_FAIL:- FALSE} "
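Review bot: The comment added above DEPLOY_CALLING_SERVICES does not say that only the exact string TRUE enables the calling services. Every check in this commit compares against `"TRUE"` literally, so `true` or `1` would disable sftd and coturn. I would extend the comment to `# only the exact value TRUE enables them; any other value skips sftd and coturn`. Alternatively, normalise once with `DEPLOY_CALLING_SERVICES="${DEPLOY_CALLING_SERVICES^^}"` if the script already requires bash 4. The existing DEPLOY_CERT_MANAGER flag appears to behave the same way, so the wording could be shared.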
@@ -19,9 +23,7 @@ DUMP_LOGS_ON_FAIL="${DUMP_LOGS_ON_FAIL:-FALSE}"
1923# assuming it to be the public address used by clients to reach public Address
2024HOST_IP=" ${HOST_IP:- } "
2125
22- if [ -z " $HOST_IP " ]; then
23- HOST_IP=$( wget -qO- https://api.ipify.org)
24- fi
26+ CALLING_NODE=" "
2527
2628function dump_debug_logs {
2729 local exit_code=$?
@@ -32,12 +34,28 @@ function dump_debug_logs {
3234}
3335trap dump_debug_logs ERR
3436
35- # picking a node for calling traffic (3rd kube worker node)
36- CALLING_NODE=$( kubectl get nodes --no-headers | tail -n 1 | awk ' {print $1}' )
37- if [[ -z " $CALLING_NODE " ]]; then
38- echo " Error: could not determine the last kube worker node via kubectl"
39- exit 1
40- fi
37+ configure_calling_environment () {
38+
39+ if [[ " $DEPLOY_CALLING_SERVICES " != " TRUE" ]]; then
40+ return 0
41+ fi
42+
43+ if [[ -z " $HOST_IP " ]]; then
44+ HOST_IP=$( wget -qO- https://api.ipify.org)
45+ fi
46+
47+ if [[ -z " $HOST_IP " ]]; then
48+ echo " Error: could not determine HOST_IP automatically"
49+ exit 1
50+ fi
51+
52+ # picking a node for calling traffic (3rd kube worker node)
53+ CALLING_NODE=$( kubectl get nodes --no-headers | tail -n 1 | awk ' {print $1}' )
54+ if [[ -z " $CALLING_NODE " ]]; then
55+ echo " Error: could not determine the last kube worker node via kubectl"
56+ exit 1
57+ fi
58+ }
4159
4260sync_pg_secrets () {
4361 echo " Retrieving PostgreSQL password from databases-ephemeral for wire-server deployment..."
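Review bot: In configure_calling_environment the response from `wget -qO- https://api.ipify.org` is only checked for being non-empty before it becomes HOST_IP, so an error page or any other unexpected body from the third-party service would be accepted as the public address. Later in this commit the value is interpolated into yq expressions and written into the wire-server and coturn values, so it is worth rejecting anything that is not an address right after the lookup, for example `[[ "$HOST_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "Error: HOST_IP '$HOST_IP' is not an IPv4 address"; exit 1; }` (adjust if IPv6 is expected). The same check would also cover a HOST_IP supplied through the environment. Separately, the comment says "3rd kube worker node" while the code takes the last line of `kubectl get nodes`; presumably the two coincide only on the expected three-node layout, which the comment should state.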
@@ -60,7 +78,15 @@ process_values() {
6078
6179 ENV=$1
6280 TYPE=$2
63- charts=(fake-aws smtp rabbitmq databases-ephemeral reaper wire-server webapp account-pages team-settings ingress-nginx-controller nginx-ingress-services coturn sftd cert-manager)
81+ charts=(fake-aws demo-smtp rabbitmq databases-ephemeral reaper wire-server webapp account-pages team-settings ingress-nginx-controller)
82+
83+ if [[ " $DEPLOY_CERT_MANAGER " == " TRUE" ]]; then
84+ charts+=(nginx-ingress-services cert-manager)
85+ fi
86+
87+ if [[ " $DEPLOY_CALLING_SERVICES " == " TRUE" ]]; then
88+ charts+=(coturn sftd)
89+ fi
6490
6591 if [[ " $ENV " != " prod" ]] || [[ -z " $TYPE " ]] ; then
6692 echo " Error: This function only supports prod deployments with TYPE as values or secrets. ENV must be 'prod', got: '$ENV ' and '$TYPE '"
@@ -92,41 +118,55 @@ configure_values() {
92118 TEMP_DIR=$( mktemp -d)
93119 trap ' rm -rf $TEMP_DIR' EXIT
94120
95- # to find IP address of calling NODE
96- CALLING_NODE_IP=$( kubectl get node " $CALLING_NODE " -o jsonpath=' {.status.addresses[?(@.type=="InternalIP")].address}' )
97-
98121 # Fixing the hosts with TARGET_SYSTEM and setting the turn server
99122 sed -e " s/example.com/$TARGET_SYSTEM /g" \
100123 " $BASE_DIR /values/wire-server/values.yaml" > " $TEMP_DIR /wire-server-values.yaml"
101124
102- # fixing the turnStatic values
103- yq eval -i " .brig.turnStatic.v2 = [\" turn:$HOST_IP :3478\" , \" turn:$HOST_IP :3478?transport=tcp\" ]" " $TEMP_DIR /wire-server-values.yaml"
104-
105125 # Fixing the hosts in webapp team-settings and account-pages charts
106126 for chart in webapp team-settings account-pages; do
107127 sed " s/example.com/$TARGET_SYSTEM /g" " $BASE_DIR /values/$chart /values.yaml" > " $TEMP_DIR /$chart -values.yaml"
108128 done
109129
110- # Setting certManager and DNS records
111- sed -e ' s/useCertManager: false/useCertManager: true/g' \
112- -e " /certmasterEmail:$/s/certmasterEmail:/certmasterEmail: $CERT_MASTER_EMAIL /" \
113- -e " s/example.com/$TARGET_SYSTEM /" \
114- " $BASE_DIR /values/nginx-ingress-services/values.yaml" > " $TEMP_DIR /nginx-ingress-services-values.yaml"
130+ files=(wire-server-values.yaml webapp-values.yaml team-settings-values.yaml account-pages-values.yaml)
131+
132+ if [[ " $DEPLOY_CERT_MANAGER " == " TRUE" ]]; then
133+ # Setting certManager and DNS records for Let's Encrypt based certificate management
134+ sed -e ' s/useCertManager: false/useCertManager: true/g' \
135+ -e " /certmasterEmail:$/s/certmasterEmail:/certmasterEmail: $CERT_MASTER_EMAIL /" \
136+ -e " s/example.com/$TARGET_SYSTEM /" \
137+ " $BASE_DIR /values/nginx-ingress-services/values.yaml" > " $TEMP_DIR /nginx-ingress-services-values.yaml"
138+
139+ files+=(nginx-ingress-services-values.yaml)
140+ fi
141+
142+ if [[ " $DEPLOY_CALLING_SERVICES " == " TRUE" ]]; then
143+ # to find IP address of calling NODE
144+ CALLING_NODE_IP=$( kubectl get node " $CALLING_NODE " -o jsonpath=' {.status.addresses[?(@.type=="InternalIP")].address}' )
145+
146+ # fixing the turnStatic values
147+ yq eval -i " .brig.turnStatic.v2 = [\" turn:$HOST_IP :3478\" , \" turn:$HOST_IP :3478?transport=tcp\" ]" " $TEMP_DIR /wire-server-values.yaml"
115148
116- # Fixing SFTD hosts and setting the cert-manager to http01
117- sed -e " s/webapp.example.com/webapp.$TARGET_SYSTEM /" \
118- -e " s/sftd.example.com/sftd.$TARGET_SYSTEM /" \
119- -e ' s/name: letsencrypt-prod/name: letsencrypt-http01/' \
120- " $BASE_DIR /values/sftd/values.yaml" > " $TEMP_DIR /sftd-values.yaml"
149+ # Fix SFTD hostnames, and only enable Let's Encrypt specific issuer changes when cert-manager is enabled.
150+ sed -e " s/webapp.example.com/webapp.$TARGET_SYSTEM /" \
151+ -e " s/sftd.example.com/sftd.$TARGET_SYSTEM /" \
152+ " $BASE_DIR /values/sftd/values.yaml" > " $TEMP_DIR /sftd-values.yaml"
121153
122- # Setting coturn node IP values
123- yq eval -i " .coturnTurnListenIP = \" $CALLING_NODE_IP \" " " $BASE_DIR /values/coturn/values.yaml"
124- yq eval -i " .coturnTurnRelayIP = \" $CALLING_NODE_IP \" " " $BASE_DIR /values/coturn/values.yaml"
125- yq eval -i " .coturnTurnExternalIP = \" $HOST_IP \" " " $BASE_DIR /values/coturn/values.yaml"
154+ cp " $BASE_DIR /values/coturn/values.yaml" " $TEMP_DIR /coturn-values.yaml"
155+
156+ if [[ " $DEPLOY_CERT_MANAGER " == " TRUE" ]]; then
157+ yq eval -i ' .tls.issuerRef.name = "letsencrypt-http01"' " $TEMP_DIR /sftd-values.yaml"
158+ fi
159+
160+ # Setting coturn node IP values
161+ yq eval -i " .coturnTurnListenIP = \" $CALLING_NODE_IP \" " " $TEMP_DIR /coturn-values.yaml"
162+ yq eval -i " .coturnTurnRelayIP = \" $CALLING_NODE_IP \" " " $TEMP_DIR /coturn-values.yaml"
163+ yq eval -i " .coturnTurnExternalIP = \" $HOST_IP \" " " $TEMP_DIR /coturn-values.yaml"
164+
165+ files+=(sftd-values.yaml coturn-values.yaml)
166+ fi
126167
127168 # Compare and copy files if different
128- for file in wire-server-values.yaml webapp-values.yaml team-settings-values.yaml account-pages-values.yaml \
129- nginx-ingress-services-values.yaml sftd-values.yaml; do
169+ for file in " ${files[@]} " ; do
130170 if ! cmp -s " $TEMP_DIR /$file " " $BASE_DIR /values/${file% -values.yaml} /values.yaml" ; then
131171 cp " $TEMP_DIR /$file " " $BASE_DIR /values/${file% -values.yaml} /values.yaml"
132172 echo " Updating $BASE_DIR /values/${file% -values.yaml} /values.yaml"
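Review bot: CALLING_NODE_IP is used without a check in the new DEPLOY_CALLING_SERVICES branch: if the jsonpath query returns nothing, `coturnTurnListenIP` and `coturnTurnRelayIP` are written as empty strings and the file is still copied back over `$BASE_DIR/values/coturn/values.yaml` by the loop at the end. A guard such as `[[ -n "$CALLING_NODE_IP" ]] || { echo "Error: no InternalIP found for $CALLING_NODE"; exit 1; }` right after the kubectl call would stop that. The yq expressions are also built by interpolating shell variables into the expression text; passing the value through the environment, e.g. `IP="$HOST_IP" yq eval -i '.coturnTurnExternalIP = strenv(IP)' "$TEMP_DIR/coturn-values.yaml"`, keeps a stray quote or bracket in the value from changing the expression. configure_values starts before this hunk and continues after it.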
@@ -188,6 +228,11 @@ deploy_cert_manager() {
188228
189229deploy_calling_services () {
190230
231+ if [[ " $DEPLOY_CALLING_SERVICES " != " TRUE" ]]; then
232+ echo " Skipping sftd and coturn deployment because DEPLOY_CALLING_SERVICES=$DEPLOY_CALLING_SERVICES "
233+ return 0
234+ fi
235+
191236 echo " Deploying sftd and coturn"
192237 # select the node to deploy sftd
193238 kubectl annotate node " $CALLING_NODE " wire.com/external-ip=" $HOST_IP " --overwrite
@@ -202,6 +247,9 @@ deploy_calling_services() {
202247
203248main () {
204249
250+ # initialize calling-service specific values only when enabled
251+ configure_calling_environment
252+
205253# Create prod-values.example.yaml to values.yaml and take backup
206254process_values " prod" " values"
207255# Create prod-secrets.example.yaml to secrets.yaml and take backup
@@ -228,7 +276,7 @@ if [[ "$DEPLOY_CERT_MANAGER" == "TRUE" ]]; then
228276 kubectl get certificate
229277fi
230278
231- # deploying sft and coturn services
279+ # deploying sft and coturn services when enabled
232280deploy_calling_services
233281}
234282