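#!/bin/bash
#
# Setup Applications: sources ./config, registers the Helm repositories and
# deploys cert-manager (only when CERT_MODE is "True"), ingress-nginx, the
# zabbix agent and the monitoring stack.
# Required unconditionally from config: CERT_MODE, ZABBIX_PSK, ZABBIX_PSK_ID,
# ZABBIX_SERVER. Used when CERT_MODE is "True": CLOUDFLARE_API_KEY,
# ADMIN_EMAIL. Used by ingress-nginx: MAXMIND_LIC.
# The exported variables are made visible to child processes; presumably the
# envsubst-rendered manifests under yaml/ read them — confirm against those
# files.

echo "... ] Setup Applications [ ..."

# Source with an explicit path: a bare `source config` lets bash search $PATH
# before the working directory, so a same-named file in any PATH directory
# could be executed instead of the one checked for here.
if [ -f ./config ]; then
  echo "config file FOUND :)"
  # shellcheck disable=SC1091
  source ./config
else
  echo "config file is missing." >&2
  exit 1
fi

# Abort early on settings the unconditional steps below cannot do without;
# an unset ZABBIX_PSK, for instance, would otherwise silently create a
# secret holding an empty pre-shared key.
: "${CERT_MODE:?must be set in config (\"True\" enables ACME/TLS)}"
: "${ZABBIX_PSK:?must be set in config}"
: "${ZABBIX_PSK_ID:?must be set in config}"
: "${ZABBIX_SERVER:?must be set in config}"

export CEPH_MONITOR_1
export CEPH_MONITOR_2
export CEPH_MONITOR_3
export CLUSTER_DOMAIN
export REGISTRY_URL
export LOKI_STORAGE_SIZE
export LOKI_RETENTION

#######################################
# Check whether every pod in a namespace reports ContainersReady=True.
# Arguments: $1 - namespace
# Returns:   1 when all pods are ready; 0 when any pod is not ready, a pod
#            has no ContainersReady condition yet, the namespace has no
#            pods, or kubectl failed.
# NOTE: the 1-means-ready convention is inverted relative to shell norms
# but is kept deliberately because callers test `$? == 1`.
#######################################
allRunning() {
  local ns=$1
  local listing
  # One line per pod: "<name> <ContainersReady status>". Emitting the name
  # keeps the line non-empty for pods that have no such condition yet, so
  # they count as not ready instead of being skipped (the previous
  # whitespace-split loop silently dropped them and could report "ready"
  # while pods were still pending).
  listing=$(kubectl get pods -n "${ns}" \
    -o=jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.conditions[?(@.type=="ContainersReady")].status}{"\n"}{end}') || return 0
  # No pods listed: nothing has been created yet, so the caller's wait loop
  # must keep polling instead of ending immediately.
  [ -n "${listing}" ] || return 0
  local line
  while IFS= read -r line; do
    # Everything after the last space is the status; a missing one yields "".
    if [ "${line##* }" != "True" ]; then
      return 0
    fi
  done <<<"${listing}"
  return 1
}

# Setup Helm repositories
helm repo add jetstack https://charts.jetstack.io
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update

# Setup ACME
if [ "${CERT_MODE}" == "True" ]; then
  echo "] deploying cert-manager helm chart..."
  kubectl create namespace cert-manager
  # The API key travels on kubectl's command line and is readable in the
  # process table by other local users for the duration of the call.
  kubectl -n cert-manager create secret generic cf-api-secret \
    --from-literal=cf-api-key="${CLOUDFLARE_API_KEY}"
  kubectl apply -f yaml/cert-manager/cert-manager.crds.yaml
  helm install \
    cert-manager jetstack/cert-manager \
    --namespace cert-manager \
    --version v1.1.0 \
    -f yaml/cert-manager/values.yaml
  echo "] Setup cert-manager issuers ... "
  # Poll until every cert-manager pod is ready before applying the issuers
  # (presumably so the cert-manager webhook can admit them). The original
  # loop had no delay in the not-ready branch and re-ran kubectl back to back.
  while :; do
    allRunning cert-manager
    allAreRunning=$?
    if [ "${allAreRunning}" -eq 1 ]; then
      sleep 10  # grace period kept from the original before moving on
      break
    fi
    sleep 5
  done
  # '|' as the sed delimiter so an address containing '/' cannot break the
  # expression; the -n flag on apply is kept from the original invocation.
  for issuer in \
    letsencrypt-staging-clusterissuer \
    letsencrypt-staging-dns-clusterissuer \
    letsencrypt-production-clusterissuer \
    letsencrypt-production-dns-clusterissuer; do
    sed "s|var_acme_email|${ADMIN_EMAIL}|" "yaml/cert-manager/${issuer}.yaml" \
      | kubectl -n kube-system apply -f -
  done
fi

# Setup Ingress-Nginx
kubectl create namespace ingress-nginx
if [ "${CERT_MODE}" == "True" ]; then
  echo "] Deploying ingress-nginx helm chart WITH TLS termination in TCP/PROXY mode..."
  k8x_proxy_mode="true"
else
  echo "] Deploying ingress-nginx helm chart WITHOUT TLS termination in HTTP mode..."
  k8x_proxy_mode="false"
fi
helm install \
  ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --set-string controller.config.use-proxy-protocol="${k8x_proxy_mode}" \
  --set-string controller.maxmindLicenseKey="${MAXMIND_LIC}" \
  --version 3.34.0 \
  -f yaml/ingress-nginx/values.yaml

# Setup Monitoring
kubectl create namespace monitoring
kubectl create namespace loki

# Setup Zabbix
echo "] Deploying zabbix-agent for host monitoring..."
# Both PSK values pass through argv and are briefly visible in the process
# table, as in the original.
kubectl -n monitoring create secret generic zabbix-psk-secret \
  --from-literal=zabbix_agentd.psk="${ZABBIX_PSK}"
kubectl -n monitoring create secret generic zabbix-psk-id-secret \
  --from-literal=zabbix_psk_id="${ZABBIX_PSK_ID}"
sed "s|k8x_zabbix_server|${ZABBIX_SERVER}|" yaml/monitoring/zabbix-agent-daemonset.yaml \
  | kubectl -n monitoring apply -f -

# Setup Prometheus metrics
echo "] Deploying prometheus for metrics aggregation..."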
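# Rendering: envsubst with no variable list replaces every $NAME it finds in
# a manifest from the environment, so these files must not contain a literal
# '$' that is meant to survive.
envsubst < yaml/monitoring/prometheus-volumes.yaml | kubectl apply -f -
helm install \
  prometheus prometheus-community/prometheus \
  --namespace monitoring \
  -f yaml/monitoring/prometheus-values.yaml

# Setup PLG Stack
echo "] Deploying Promtail for logs aggregation ..."
#promtail
helm install \
  promtail grafana/promtail \
  --namespace monitoring \
  -f yaml/monitoring/promtail-values.yaml

echo "] Deploying Loki for promtail aggregation ..."
# The retention setting selects the values file; fail here with a clear
# message instead of letting helm report a missing "loki-v12-values-.yaml".
: "${LOKI_RETENTION:?must be set in config (selects yaml/monitoring/loki-v12-values-<retention>.yaml)}"
envsubst < yaml/monitoring/loki-v12-volumes.yaml | kubectl apply -f -
helm install \
  loki grafana/loki \
  --namespace loki \
  -f "yaml/monitoring/loki-v12-values-${LOKI_RETENTION}.yaml"
kubectl apply -f yaml/monitoring/loki-v12-ext-svc.yaml

echo "] Deploying Grafana for monitoring dashboard ..."
envsubst < yaml/monitoring/grafana-volumes.yaml | kubectl apply -f -
# One --set per key: the original joined them with commas in a single
# unquoted argument, so a value containing whitespace or shell metacharacters
# split the command line. helm still treats an unescaped ',' inside a value
# as a separator (escape as '\,' in config if needed).
# GF_SMTP_SKIP_VERIFY=true disables certificate verification toward the SMTP
# host; kept as configured, worth revisiting once the relay has a trusted
# certificate. The SMTP password is passed on the command line and is
# visible in the process table while helm runs.
helm install \
  grafana grafana/grafana \
  --namespace monitoring \
  -f yaml/monitoring/grafana-values.yaml \
  --set env.GF_SMTP_ENABLED=true \
  --set "env.GF_SMTP_HOST=${GRAFANA_SMTP_HOST}" \
  --set "env.GF_SMTP_FROM_ADDRESS=${GRAFANA_SMTP_FROM_ADDRESS}" \
  --set "env.GF_SMTP_USER=${GRAFANA_SMTP_USER}" \
  --set "env.GF_SMTP_PASSWORD=${GRAFANA_SMTP_PASSWORD}" \
  --set env.GF_SMTP_SKIP_VERIFY=true

# Prints the generated admin password to stdout, as the original did; anything
# capturing this script's output (CI logs, terminal scrollback) retains it.
printf '\ngrafana login:\nuser: admin \npass: '
kubectl get secret --namespace monitoring grafana -o jsonpath="{.data.admin-password}" | base64 --decode
echo

#kubectl -n monitoring create secret generic monitoring-http-secret --from-file=yaml/monitoring/auth

if [ "${CERT_MODE}" == "True" ]; then
  envsubst < yaml/monitoring/grafana-cert.yaml | kubectl -n monitoring apply -f -
  envsubst < yaml/monitoring/grafana-ingress-secure.yaml | kubectl -n monitoring apply -f -
else
  envsubst < yaml/monitoring/grafana-ingress.yaml | kubectl -n monitoring apply -f -
fi

# Setup Registry
echo "] Deploying docker registry ..."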
kubectl create namespace registry if [ $REGISTRY_INTERNAL == "True" ]; then apt update apt install daemonize apache2-utils -y if [ -f /tmp/regsecret ]; then rm /tmp/regsecret fi # Genrating registry-sec for the use of registry.yaml deployment for internal webserver auth htpasswd -Bb -c /tmp/regsecret $REGISTRY_USER $REGISTRY_PASS regpassstr=`cat /tmp/regsecret | base64 -w 0` cat <