#!groovy def repository = "registry.c.test-chamber-13.lan" def repositoryCreds = "harbor-repository-creds" def workspace def dockerFile def nordCreds def kubeNamespace def kubeSecret def nordURL def openVPNConfig def k8sSecret def label = "kubernetes-${UUID.randomUUID().toString()}" def templateName = "pipeline-worker" pipeline { agent { kubernetes { yaml functions.podYaml( repo: repository, templateName: templateName, alpine: true ) } } stages { stage ('Initalize Jenkins') { steps { script { workspace = pwd() // jenkins secrets nordCreds = "nordvpn-login-creds" // kubernetes configuration kubeNamespace = "dl-automation" kubeSecret = "openvpn" } } } stage ('Prepare Values') { steps { container ('alpine') { script { retry(3) { try { // list of urls that return different nordVPN servers def nordURLs = [ // canada "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=38&filters\\[servers_technologies\\]=5", // denmark "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=58&filters\\[servers_technologies\\]=5", // france "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=74&filters\\[servers_technologies\\]=5", // germany "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=81&filters\\[servers_technologies\\]=5", // ireland "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=10&filters\\[servers_technologies\\]=5", // japan "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=108&filters\\[servers_technologies\\]=5", // sweden "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=208&filters\\[servers_technologies\\]=5", // switzerland "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=209&filters\\[servers_technologies\\]=5", // mexico "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=140&filters\\[servers_technologies\\]=5", // netherlands "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=153&filters\\[servers_technologies\\]=5", // united kingdom "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=38&filters\\[servers_technologies\\]=5", // united states "https://api.nordvpn.com/v2/servers?limit=5&filters\\[country_id\\]=228&filters\\[servers_technologies\\]=5", ] // randomly select one from the list nordURL = nordURLs[Math.abs(new Random().nextInt() % [8])] // install required components script { sh """ if [ ! -f "/usr/bin/curl" ] || [ ! -x "/usr/bin/curl" ]; then apk add --no-cache curl fi if [ ! -f "/usr/bin/jq" ] || [ ! -x "/usr/bin/jq" ]; then apk add --no-cache jq fi if [ ! -f "/bin/sed" ] || [ ! -x "/bin/sed" ]; then apk add --no-cache sed fi """ } // get OpenVPN Configuration from NordVPN openVPNConfig = sh( returnStdout: true, script: """# Get OpenVPN Config curl \ --silent \ --location \ --fail \ "https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/\$( curl \ --silent \ --location \ --fail \ '""" + nordURL + """' \ | jq \ --raw-output \ '.servers | ([ .[].load ] | min) as \$m | first(.[] | select(.load == \$m)) | .hostname' \ ).tcp.ovpn" \ | sed \ --regexp-extended \ --expression='s/auth-user-pass/auth-user-pass \\/etc\\/openvpn\\/client\\/openvpn-credentials.txt/' \ | base64 -w 0 """ ) // check for error if (openVPNConfig.length() == 0 || openVPNConfig == "") { throw new Exception(nordURL) } } catch(e) { println(sprintf("Bad nordURL: %s", nordURL)) throw e } } // Create K8S Secret withCredentials( [ string( credentialsId: nordCreds, variable: "NORD_CREDS", ) ] ) { k8sSecret = """apiVersion: v1 kind: Secret metadata: name: """ + kubeSecret + """ namespace: """ + kubeNamespace + """ data: openvpn-credentials.txt: """ + NORD_CREDS + """ nordvpn.com.tcp.ovpn: """ + openVPNConfig + """ """ } } } } } stage ('Update Secret') { steps { container ('alpine') { script { declarativeFunctions.createSecret( kubeAuth: "k8s-dl-automation-access", kubeURL: "https://k8s.test-chamber-13.lan:8043", namespace: "dl-automation", secret: k8sSecret ) } } } } stage ('Read Secret') { steps { container ('alpine') { script { def result = declarativeFunctions.readSecret( kubeAuth: "k8s-dl-automation-access", kubeURL: "https://k8s.test-chamber-13.lan:8043", namespace: "dl-automation", secretName: "openvpn", secretID: "nordvpn.com.tcp.ovpn" ) if (result.length() == 0) { throw new Exception("Secret is empty.") } } } } } stage ('Restart Pod') { steps { container ('alpine') { script { declarativeFunctions.deletePod( kubeAuth: "k8s-dl-automation-access", kubeURL: "https://k8s.test-chamber-13.lan:8043", namespace: "dl-automation", selector: "app=deluge" ) } } } } } }