kubectl-mesh

#!/bin/bash

usage () {
  echo "Usage: kubectl mesh [up|down|enable|disable]"
  echo "       up: [--mode [graph|canary]] [--cnamespace <control_namespace> --gitrepo <reponame> --gitbranch <branchname>]"
  echo "       down: [--cnamespace <control_namespace>]"
  echo "       enable: --namespace <namespace> [--deployment <deploymentname>]"
  echo "       disable: --namespace <namespace> [--deployment <deploymentname>]"
  exit 1
}

debug () {
  echo "mode = $MODE"
  echo "params = $OP"
  echo "control_namespace = $CNAMESPACE"
  echo "namespace = $NAMESPACE"
  echo "deployment = $DEPLOYMENT"
}

OP=""

while (( "$#" )); do
  case "$1" in
    -m|--mode)
      MODE=$2
      shift 2
      ;;
    -n|-namespace)
      NAMESPACE=$2
      shift 2
      ;;
    -cn|--cnamespace)
      CNAMESPACE=$2
      shift 2
      ;;
    -d|--deployment)
      DEPLOYMENT=$2
      shift 2
      ;;
    -t|--tag)
      TAG=$2
      shift 2
      ;;
    --gitrepo)
      GITREPO=$2
      shift 2
      ;;
    --gitbranch)
      GITBRANCH=$2
      shift 2
      ;;
    --)
      shift
      break
      ;;
    -h|--help)
      usage
      ;;
    -*|--*=)
      echo "Unsupported flag $1" >&2
      usage
      ;;
    *)
      if [ -z "$OP" ]
      then
        OP=$1
      else
        usage
      fi
      shift
      ;;
  esac
done

NAMESPACE=${NAMESPACE:-default}
CNAMESPACE=${CNAMESPACE:-istio-mesh}
TAG=${TAG:-master-20190731-09-16}
#GITREPO=${GITREPO:-http://github.com/canthefason/installer}
#GITBRANCH=${GITBRANCH:-fix-telemetry-non-tls}
GITREPO=${GITREPO:-http://github.com/istio/installer}
GITBRANCH=${GITBRANCH:-master}

#debug

case "$OP" in
  "up")
    if [ ! -d /tmp/installer ]; then
      # The only mandatory components are Pilot + Mixer. Pilot is to make Envoy work, and Mixer for collecting telemetry data.
      # We are enabling other components due to "uncut" dependencies, e.g., Envoy doesn't seem to work without Citadel generating secrets/certs.
      git clone $GITREPO -b $GITBRANCH /tmp/installer
    fi
    cd /tmp/installer

    case "$MODE" in
      ""|"graph")
        TAG=$TAG bin/iop $CNAMESPACE citadel ./security/citadel  --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set global.controlPlaneSecurityEnabled=false
        TAG=$TAG bin/iop $CNAMESPACE istio-discovery ./istio-control/istio-discovery --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set global.controlPlaneSecurityEnabled=false --set pilot.useMCP=false
        TAG=$TAG bin/iop $CNAMESPACE istio-mixer ./istio-telemetry/mixer-telemetry --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set global.controlPlaneSecurityEnabled=false --set mixer.telemetry.useMCP=false
        TAG=$TAG bin/iop $CNAMESPACE prometheus ./istio-telemetry/prometheus --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set prometheus.security.enabled=false
        TAG=$TAG bin/iop $CNAMESPACE kiali ./istio-telemetry/kiali --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set kiali.security.enabled=false --set global.prometheusNamespace=$CNAMESPACE
        TAG=$TAG bin/iop $CNAMESPACE istio-autoinject ./istio-control/istio-autoinject --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set global.controlPlaneSecurityEnabled=false --set global.proxy.autoInject=disabled --set sidecarInjectorWebhook.enableNamespacesByDefault=false --set sidecarInjectorWebhook.injectLabel=disabled
        ;;
      "canary")
        TAG=$TAG bin/iop $CNAMESPACE citadel ./security/citadel  --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set global.controlPlaneSecurityEnabled=false
        TAG=$TAG bin/iop $CNAMESPACE istio-discovery ./istio-control/istio-discovery --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set global.controlPlaneSecurityEnabled=false --set pilot.useMCP=false
        TAG=$TAG bin/iop $CNAMESPACE istio-mixer ./istio-telemetry/mixer-telemetry --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set global.controlPlaneSecurityEnabled=false --set mixer.telemetry.useMCP=false
        TAG=$TAG bin/iop $CNAMESPACE prometheus ./istio-telemetry/prometheus --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set prometheus.security.enabled=false
        TAG=$TAG bin/iop $CNAMESPACE istio-autoinject ./istio-control/istio-autoinject --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set global.controlPlaneSecurityEnabled=false
        TAG=$TAG bin/iop $CNAMESPACE istio-grafana ./istio-telemetry/grafana --set global.istioNamespace=$CNAMESPACE --set global.configNamespace=$CNAMESPACE --set global.telemetryNamespace=$CNAMESPACE --set global.policyNamespace=$CNAMESPACE --set global.controlPlaneSecurityEnabled=false
        ;;
      *)
        usage
        ;;
    esac
    ;;
  "down")
    kubectl delete namespace $CNAMESPACE
    for m in `kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io| grep istio-sidecar-injector|awk '{print $1}'`; do kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io $m; done
    ;;
  "enable")
    # Specify one or more running deployments to have sidecar containers injected for instrumentation
    # i) when both --namespace and --deployment are specified, that deployment will be instrumented
    # ii) when only --deployment is specified, a deployment in the default namespace will be instrumented
    # iii) when only --namespace is specified, all the deployments in that namespace will be instrumented
    # iv) when no --namespace and --deployment are specified, all ods in the default namespace will be instrumented
    if [ -z $DEPLOYMENT ]
    then
      kubectl label namespace $NAMESPACE istio-env=$CNAMESPACE
      for m in `kubectl -n $NAMESPACE get deployments | awk 'NR>1 {print $1}'`; 
      do
        kubectl -n $NAMESPACE patch deployment $m --type='json' -p='[{"op": "add", "path":"/spec/template/metadata/annotations", "value":{"sidecar.istio.io/inject":"true"}}]'
      done
    else
      kubectl label namespace $NAMESPACE istio-env=$CNAMESPACE
      kubectl -n $NAMESPACE patch deployment $DEPLOYMENT --type='json' -p='[{"op": "add", "path":"/spec/template/metadata/annotations", "value":{"sidecar.istio.io/inject":"true"}}]'
    fi
    ;;
  "disable")
    if [ -z $DEPLOYMENT ]
    then
      kubectl label namespace $NAMESPACE istio-env-
      for m in `kubectl -n $NAMESPACE get deployments | awk 'NR>1 {print $1}'`;
      do
        kubectl -n $NAMESPACE patch deployment $m --type='json' -p='[{"op": "replace", "path":"/spec/template/metadata/annotations", "value":{"sidecar.istio.io/inject":"false"}}]'
      done
    else
      kubectl label namespace $NAMESPACE istio-env-
      kubectl -n $NAMESPACE patch deployment $DEPLOYMENT --type='json' -p='[{"op": "replace", "path":"/spec/template/metadata/annotations", "value":{"sidecar.istio.io/inject":"false"}}]'
    fi
    ;;
  *)
    echo "Mode $OP is not supported"
    usage
esac

exit 0