build-containers/nordvpn-autoconfigure.jenkins

def label = "jenkins-${UUID.randomUUID().toString()}"

def registry = "registry.c.test-chamber-13.lan"

def alpineImage = "${registry}/library/alpine"
def alpineTag = "latest"

def kubectlCreds = "rancher-admin-token"
def nordCreds = "nordvpn-login-creds"

def nordURLs = [
    // canada
    "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\\{%22country_id%22:38,%22servers_groups%22:\\[15\\],%22servers_technologies%22:\\[5\\]\\}",
    // france
    "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\\{%22country_id%22:74,%22servers_groups%22:\\[15\\],%22servers_technologies%22:\\[5\\]\\}",
    // gremany
    "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\\{%22country_id%22:81,%22servers_groups%22:\\[15\\],%22servers_technologies%22:\\[5\\]\\}",
    // japan
    "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\\{%22country_id%22:108,%22servers_groups%22:\\[15\\],%22servers_technologies%22:\\[5\\]\\}",
    // sweden
    "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\\{%22country_id%22:208,%22servers_groups%22:\\[15\\],%22servers_technologies%22:\\[5\\]\\}",
    // switzerland
    "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\\{%22country_id%22:209,%22servers_groups%22:\\[15\\],%22servers_technologies%22:\\[5\\]\\}",
    // netherlands
    "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\\{%22country_id%22:153,%22servers_groups%22:\\[15\\],%22servers_technologies%22:\\[5\\]\\}",
    // united kingdom
    "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\\{%22country_id%22:38,%22servers_groups%22:\\[15\\],%22servers_technologies%22:\\[5\\]\\}",
]
def nordURL = nordURLs[Math.abs(new Random().nextInt() % [8])]

def kubeNamespace = "dl-automation"
def kubeSecret = "openvpn"

podTemplate(
	label: label,
	name: "pipeline-worker",
	yaml: """---
apiVersion: v1
kind: Pod
metadata:
  name: pipeline-worker
spec:
  containers:
  - name: alpine
    imagePullPolicy: Always
    image: ${alpineImage}:${alpineTag}
    tty: true
    command:
    - /bin/sh
""",
) {
	node (label) {
		def workspace = pwd()

        stage ("Update Secret") {
            container ("alpine") {
				sh """
					apk add --no-cache curl jq sed
					KUBE_VERSION="\$(curl --location --silent https://dl.k8s.io/release/stable.txt)"
					curl \
					  --location \
					  --silent \
					  --output /usr/local/bin/kubectl \
					  "https://dl.k8s.io/release/\${KUBE_VERSION}/bin/linux/amd64/kubectl"
					chmod +x /usr/local/bin/kubectl
				"""

				withCredentials([string(
					credentialsId: nordCreds,
					variable: "NORD_CREDS",
				)]) {

                    withKubeConfig([
    					credentialsId: kubectlCreds,
	    				serverUrl: "https://rancher.test-chamber-13.lan/k8s/clusters/c-mc9cq",
		    			namespace: "webservers"
			    	]) {
    				    sh """
	    		            # Get OpenVPN Config
		    		        OPENVPN_CONFIG="\$(
			    	            curl \
    			    	            --silent \
	    			                --location \
		    		                --fail \
			    	                "https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/\$(
    				                    curl \
	    			                        --silent \
		    		                        --location \
			    	                        --fail \
				                            '""" + nordURL + """' \
				                        | jq \
				                            --raw-output \
				                            '[.[] | select(.technologies[] | .identifier == "openvpn_tcp")][0] | .hostname' \
				                        ).tcp.ovpn" \
    				                | sed \
	    			                    --regexp-extended \
		    		                    --expression='s/auth-user-pass/auth-user-pass \\/etc\\/openvpn\\/client\\/openvpn-credentials.txt/' \
			    	                | base64 -w 0
				                )"
				            printf '%s\n' \
                                "apiVersion: v1" \
                                "kind: Secret" \
                                "metadata:" \
                                "  name: """ + kubeSecret + """" \
                                "  namespace: """ + kubeNamespace + """" \
                                "data:" \
                                "  openvpn-credentials.txt: \${NORD_CREDS}" \
                                "  us5766.nordvpn.com.tcp.ovpn: \${OPENVPN_CONFIG}" > /tmp/openvpn-secret.kubectl

    				        kubectl apply --namespace """ + kubeNamespace + """ -f /tmp/openvpn-secret.kubectl
                            for i in \$(kubectl get pods --namespace """ + kubeNamespace + """ --selector app="deluge" -o name); do
                                kubectl delete --namespace """ + kubeNamespace + """ \${i}
                            done
                        """
				    }
                }
			}
		}
	}
}