#!/bin/bash
#
# apply-cluster.sh applies the k8s cluster configuration to the currently
# configured cluster. This script may be safely run multiple times to load the
# most recent configurations.
#
# Example:
#
# PROJECT=mlab-sandbox CLUSTER=prometheus-federation ./apply-cluster.sh
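# Shell options:
#   -e  abort on the first command that exits non-zero
#   -u  treat expansion of an unset variable as an error
#   -x  trace every command, after expansion, to stderr
#
# Because of -x, anything expanded onto a command line -- credentials
# included -- is written to the job log. Keep secret values out of argv, or
# switch tracing off around the commands that handle them.
set -e
set -u
set -x
source config.sh
# Without pipefail a `producer | kubectl apply -f -` pipeline reports only the
# status of the last stage, so a failing producer goes unnoticed. It is enabled
# after config.sh is sourced so that file (not visible here) runs with the same
# options as before.
set -o pipefail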
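# Render prometheus.yml from its template by substituting {{CLUSTER}}.
# The expansions are quoted so a CLUSTER value containing whitespace or glob
# characters cannot split the sed expression or the file paths into extra
# arguments. CLUSTER is still interpolated into the sed replacement text, so a
# value containing '|', '&' or '\' would be interpreted by sed.
sed -e "s|{{CLUSTER}}|${CLUSTER}|g" \
  "config/${CLUSTER}/prometheus/prometheus.yml.template" \
  > "config/${CLUSTER}/prometheus/prometheus.yml"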
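# Prometheus config map, built from every file under config/${CLUSTER}/prometheus.
# `create --dry-run=client -o json | apply` makes the step repeatable: the
# object is rendered locally and then created or updated by apply.
kubectl create configmap prometheus-cluster-config \
  "--from-file=config/${CLUSTER}/prometheus" \
  --dry-run="client" -o json | kubectl apply -f -

# Basic-auth secret for Prometheus.
#
# PROM_AUTH_USER and PROM_AUTH_PASS hold the *names* of the variables that
# carry the credentials; ${!NAME} is bash indirect expansion.
#
# The plaintext password must not appear in the xtrace log or in the process
# list, so tracing is paused for this section and the password is handed to
# htpasswd on stdin (-i, available since httpd 2.4.4) instead of as an
# argument (-b). Only the resulting "user:hash" line is passed to kubectl.
xtrace_was_on=0
if [[ $- == *x* ]]; then
  xtrace_was_on=1
fi
{ set +x; } 2>/dev/null

prom_auth=$(printf '%s\n' "${!PROM_AUTH_PASS}" | htpasswd -ni "${!PROM_AUTH_USER}")
kubectl create secret generic prometheus-auth \
  "--from-literal=auth=${prom_auth}" \
  --dry-run="client" -o json | kubectl apply -f -
unset prom_auth

# Resume tracing only if it was active before this section.
if (( xtrace_was_on )); then
  set -x
fi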
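# Replace template variables in oauth2-proxy.yml.
#
# Each OAUTH_PROXY_* variable holds the *name* of the variable that carries
# the real value (bash indirect expansion, ${!NAME}).
#
# The sed program is supplied on stdin rather than with -e so the client
# secret and cookie secret never appear in sed's argument list, and therefore
# neither in the process list nor in the xtrace output (xtrace prints command
# words, not here-document bodies). This also removes the unquoted expansions,
# which would have split a value containing whitespace into separate arguments.
#
# NOTE(review): values containing '|', '&', '\' or a newline are still
# interpreted by sed as part of the substitution.
# NOTE(review): the file is edited in place, so the secrets stay on disk in the
# working tree and the {{...}} placeholders are gone after the first run; a
# later run with rotated credentials will not update the file unless the
# checkout is fresh.
sed -i -f /dev/stdin "k8s/${CLUSTER}/deployments/oauth2-proxy.yml" <<EOF
s|{{OAUTH_PROXY_CLIENT_ID}}|${!OAUTH_PROXY_CLIENT_ID}|g
s|{{OAUTH_PROXY_CLIENT_SECRET}}|${!OAUTH_PROXY_CLIENT_SECRET}|g
s|{{OAUTH_PROXY_COOKIE_SECRET}}|${!OAUTH_PROXY_COOKIE_SECRET}|g
EOF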
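# Additional k8s resources installed via Helm.
#
# Both releases use `upgrade --install`, so a re-run upgrades the existing
# release instead of failing. The chart references (ingress-nginx/...,
# jetstack/...) depend on Helm repositories that are registered outside this
# script, and the helm binary is taken from ./linux-amd64 relative to the
# current directory.
# NOTE(review): charts are pinned by version only. If the repositories publish
# provenance files, helm's --verify would also check the chart signature --
# confirm before enabling.

# Install the NGINX ingress controller in the ingress-nginx namespace.
kubectl create namespace ingress-nginx --dry-run="client" -o json \
  | kubectl apply -f -

# Expansions are quoted so a value with whitespace cannot turn into extra
# helm arguments.
./linux-amd64/helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --version "${K8S_INGRESS_NGINX_VERSION}" \
  --values "helm/${CLUSTER}/ingress-nginx/${PROJECT}.yml"

# Install cert-manager.
#
# NOTE: for testing of cert-manager/certificates which might exhaust
# our API limits for LetsEncrypt's production ACME servers, please change the
# defaultIssuerName below to "letsencrypt-staging". Once your testing is done,
# change it back to "letsencrypt". LE staging ACME servers have much higher
# quotas/limits, and issue valid certificates, but ones which aren't trusted by
# most clients (browsers, etc.).
./linux-amd64/helm upgrade --install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.8.0 \
  --set installCRDs=true \
  --set ingressShim.defaultIssuerKind=ClusterIssuer \
  --set ingressShim.defaultIssuerName=letsencrypt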
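# Check for per-project template variables.
if [[ ! -f "k8s/${CLUSTER}/${PROJECT}.yml" ]]; then
  echo "No template variables found for k8s/${CLUSTER}/${PROJECT}.yml"
  # This is not necessarily an error, so exit cleanly.
  exit 0
fi

# Apply templates.
#
# The expanded output covers every k8s/${CLUSTER}/*/*.yml, which includes
# deployments/oauth2-proxy.yml and therefore the OAuth client and cookie
# secrets. A fixed name under /tmp would be predictable (another local user
# could pre-create it or plant a symlink), readable under the default umask,
# and would remain after the run. The file is written into a private
# directory from `mktemp -d` and removed when the script exits.
# NOTE(review): this replaces any EXIT trap installed earlier (for example by
# config.sh); confirm none is expected.
cfg_dir=$(mktemp -d)
trap 'rm -rf -- "${cfg_dir}"' EXIT
CFG="${cfg_dir}/${CLUSTER}-${PROJECT}.yml"

# Only the variable parts are quoted; the */*.yml glob must stay unquoted.
kexpand expand --ignore-missing-keys "k8s/${CLUSTER}"/*/*.yml \
  -f "k8s/${CLUSTER}/${PROJECT}.yml" > "${CFG}"
kubectl apply -f "${CFG}"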