pipeline #13
This commit is contained in:
Julian Vollmer
parent
75a079d540
commit
8739705f7e
|
|
@ -121,7 +121,8 @@ jobs:
|
||||||
env:
|
env:
|
||||||
KUBECTLSECRET: ${{ secrets.KUBECTLSECRET }}
|
KUBECTLSECRET: ${{ secrets.KUBECTLSECRET }}
|
||||||
run: |
|
run: |
|
||||||
mkdir -p ~/.kube
|
# Always use an explicit kubeconfig path (do not rely on HOME expansion)
|
||||||
|
export KUBECONFIG="${GITHUB_WORKSPACE}/kubeconfig"
|
||||||
|
|
||||||
echo "🔍 Debugging KUBECTLSECRET..."
|
echo "🔍 Debugging KUBECTLSECRET..."
|
||||||
echo "Secret length: ${#KUBECTLSECRET}"
|
echo "Secret length: ${#KUBECTLSECRET}"
|
||||||
|
|
@ -133,64 +134,48 @@ jobs:
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Try to decode as base64 first, if that fails, use as plain text
|
# Try to decode as base64 first, if that fails, use as plain text
|
||||||
if echo "$KUBECTLSECRET" | base64 -d > ~/.kube/config 2>/dev/null; then
|
if echo "$KUBECTLSECRET" | base64 -d > "$KUBECONFIG" 2>/dev/null; then
|
||||||
echo "✅ KUBECTLSECRET decoded as base64"
|
echo "✅ KUBECTLSECRET decoded as base64"
|
||||||
else
|
else
|
||||||
echo "⚠️ KUBECTLSECRET is not base64, using as plain text"
|
echo "⚠️ KUBECTLSECRET is not base64, using as plain text"
|
||||||
echo "$KUBECTLSECRET" > ~/.kube/config
|
echo "$KUBECTLSECRET" > "$KUBECONFIG"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "📁 kubeconfig created at ~/.kube/config"
|
echo "📁 kubeconfig created at $KUBECONFIG"
|
||||||
chmod 600 ~/.kube/config
|
chmod 600 "$KUBECONFIG"
|
||||||
|
|
||||||
# Debug kubeconfig content (without sensitive data)
|
# Safe debug (do NOT print kubeconfig contents)
|
||||||
echo "🔍 Debugging kubeconfig structure..."
|
echo "🔍 kubeconfig sanity checks (safe):"
|
||||||
echo "File size: $(wc -c < ~/.kube/config) bytes"
|
echo "- contains clusters: $(grep -c '^clusters:' "$KUBECONFIG" || echo 0)"
|
||||||
|
echo "- contains contexts: $(grep -c '^contexts:' "$KUBECONFIG" || echo 0)"
|
||||||
echo "First few lines of kubeconfig (structure check):"
|
echo "- contains users: $(grep -c '^users:' "$KUBECONFIG" || echo 0)"
|
||||||
head -20 ~/.kube/config | grep -E "(apiVersion|kind|clusters|contexts|users|current-context)" || echo "No standard kubeconfig structure found"
|
echo "- contains current-context: $(grep -c '^current-context:' "$KUBECONFIG" || echo 0)"
|
||||||
|
echo "- contains token: $(grep -c '^[[:space:]]*token:' "$KUBECONFIG" || echo 0)"
|
||||||
echo "Checking for current-context:"
|
echo "- contains client-certificate-data: $(grep -c 'client-certificate-data:' "$KUBECONFIG" || echo 0)"
|
||||||
grep "current-context:" ~/.kube/config || echo "❌ No current-context found"
|
echo "- contains client-key-data: $(grep -c 'client-key-data:' "$KUBECONFIG" || echo 0)"
|
||||||
|
echo "- current-context line: $(grep '^current-context:' "$KUBECONFIG" || echo 'NOT FOUND')"
|
||||||
echo "Checking for clusters:"
|
|
||||||
grep -A 2 "clusters:" ~/.kube/config || echo "❌ No clusters found"
|
|
||||||
|
|
||||||
echo "Checking for users:"
|
|
||||||
grep -A 2 "users:" ~/.kube/config || echo "❌ No users found"
|
|
||||||
|
|
||||||
# Fix TLS issues by adding insecure-skip-tls-verify to all clusters
|
|
||||||
echo "🔧 Fixing TLS verification for self-signed certificates..."
|
|
||||||
|
|
||||||
# Get all cluster names and add insecure-skip-tls-verify
|
|
||||||
kubectl config get-clusters | tail -n +2 | while read cluster; do
|
|
||||||
if [ -n "$cluster" ]; then
|
|
||||||
echo "Setting insecure-skip-tls-verify for cluster: $cluster"
|
|
||||||
kubectl config set-cluster "$cluster" --insecure-skip-tls-verify=true
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "✅ TLS configuration completed"
|
|
||||||
|
|
||||||
- name: Debug kubeconfig before kubectl test
|
- name: Debug kubeconfig before kubectl test
|
||||||
|
env:
|
||||||
|
KUBECONFIG: ${{ github.workspace }}/kubeconfig
|
||||||
run: |
|
run: |
|
||||||
echo "🔍 Final kubeconfig debug before kubectl test..."
|
echo "🔍 Final kubeconfig debug before kubectl test..."
|
||||||
echo "File exists: $(test -f ~/.kube/config && echo 'YES' || echo 'NO')"
|
echo "KUBECONFIG: $KUBECONFIG"
|
||||||
echo "File size: $(wc -c < ~/.kube/config 2>/dev/null || echo '0') bytes"
|
echo "File exists: $(test -f "$KUBECONFIG" && echo 'YES' || echo 'NO')"
|
||||||
|
echo "File size: $(wc -c < "$KUBECONFIG" 2>/dev/null || echo '0') bytes"
|
||||||
|
|
||||||
if [ -f ~/.kube/config ]; then
|
if [ -f "$KUBECONFIG" ]; then
|
||||||
echo "First 15 lines of kubeconfig:"
|
echo "Contains 'token': $(grep -c '^[[:space:]]*token:' "$KUBECONFIG" || echo '0')"
|
||||||
head -15 ~/.kube/config
|
echo "Contains 'client-certificate-data': $(grep -c 'client-certificate-data:' "$KUBECONFIG" || echo '0')"
|
||||||
echo "---"
|
echo "Contains 'client-key-data': $(grep -c 'client-key-data:' "$KUBECONFIG" || echo '0')"
|
||||||
echo "Contains 'insecure-skip-tls-verify'?: $(grep -c 'insecure-skip-tls-verify' ~/.kube/config || echo '0')"
|
echo "Current context: $(grep '^current-context:' "$KUBECONFIG" || echo 'NOT FOUND')"
|
||||||
echo "Contains 'client-certificate-data'?: $(grep -c 'client-certificate-data' ~/.kube/config || echo '0')"
|
|
||||||
echo "Contains 'client-key-data'?: $(grep -c 'client-key-data' ~/.kube/config || echo '0')"
|
|
||||||
echo "Current context: $(grep 'current-context:' ~/.kube/config || echo 'NOT FOUND')"
|
|
||||||
else
|
else
|
||||||
echo "❌ kubeconfig file does not exist!"
|
echo "❌ kubeconfig file does not exist!"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Test kubectl connection
|
- name: Test kubectl connection
|
||||||
|
env:
|
||||||
|
KUBECONFIG: ${{ github.workspace }}/kubeconfig
|
||||||
run: |
|
run: |
|
||||||
kubectl version --client
|
kubectl version --client
|
||||||
echo "Testing cluster connection..."
|
echo "Testing cluster connection..."
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue