
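#!/bin/bash
# Deploys the cluster's base applications (cert-manager, ingress-nginx, the
# monitoring stack and the container registry) from the settings in ./config.
# Run it from the repository directory: every manifest path below (yaml/...) is
# relative to the current working directory.
#
# The script does not enable `set -e`: the readiness poll further down calls
# allRunning as a bare statement and relies on its non-zero return, which -e
# would turn into an abort.
echo "... ] Setup Applications [ ..."
# Use an explicit ./ path. A bare `source config` makes bash look the name up on
# $PATH before the current directory, so an unrelated file called `config` on
# $PATH could be sourced (and executed) instead of the one checked just above.
if [[ -f ./config ]]; then
  echo "config file FOUND :)"
  # shellcheck disable=SC1091
  source ./config
else
  echo "config file is missing." >&2
  exit 1
fi
# Exported for the `envsubst` pipelines that render the volume/ingress manifests.
export CEPH_MONITOR_1
export CEPH_MONITOR_2
export CEPH_MONITOR_3
export CLUSTER_DOMAIN
export REGISTRY_URL
export LOKI_STORAGE_SIZE
export LOKI_RETENTION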
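#######################################
# allRunning NAMESPACE
#   Reports whether every pod in NAMESPACE has ContainersReady=True.
# Returns:
#   1 when all pods are ready, 0 otherwise. (Inverted from the usual shell
#   convention, but the wait loops in this script test for `== 1`, so the
#   contract is kept.)
# Fixes over the previous version: a namespace with no pods yet, a pod that has
# no ContainersReady condition at all (Pending / ContainerCreating), or a failed
# kubectl call all count as "not ready" instead of silently reporting success.
#######################################
allRunning() {
  local ns=$1
  local pod_states
  # One "name=<status>" line per pod. The status part is empty while the pod has
  # not yet reported a ContainersReady condition.
  pod_states=$(kubectl get pods -n "${ns}" -o=jsonpath='{range .items[*]}{.metadata.name}{"="}{.status.conditions[?(@.type=="ContainersReady")].status}{"\n"}{end}') || return 0
  [[ -n "${pod_states}" ]] || return 0
  local line
  while IFS= read -r line; do
    [[ -z "${line}" ]] && continue
    if [[ "${line#*=}" != "True" ]]; then
      return 0
    fi
  done <<<"${pod_states}"
  return 1
}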
# Setup Helm repositories
# name=URL pairs for the chart repositories used below, registered in the same
# order as before.
helm_repos=(
  "jetstack=https://charts.jetstack.io"
  "ingress-nginx=https://kubernetes.github.io/ingress-nginx"
  "prometheus-community=https://prometheus-community.github.io/helm-charts"
  "grafana=https://grafana.github.io/helm-charts"
)
for repo in "${helm_repos[@]}"; do
  helm repo add "${repo%%=*}" "${repo#*=}"
done
# Refresh the local chart index so the versions requested below can resolve.
helm repo update
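# Setup ACME
# Only when CERT_MODE is "True": installs cert-manager (chart pinned to v1.1.0),
# stores the Cloudflare credential for DNS-01 challenges, waits for the pods to
# become ready, then applies the four Let's Encrypt ClusterIssuers with
# ADMIN_EMAIL substituted for the var_acme_email placeholder.
if [[ "${CERT_MODE}" == "True" ]]; then
  echo "] deploying cert-manager helm chart..."
  kubectl create namespace cert-manager
  # Feed the Cloudflare credential through stdin instead of --from-literal so it
  # is not visible in `ps` output or shell history.
  # NOTE(review): the key name suggests a Global API key; a scoped API token
  # (Zone:DNS:Edit on the relevant zones) limits the damage if the cluster is
  # compromised — confirm what is stored here.
  printf '%s' "${CLOUDFLARE_API_KEY}" | kubectl -n cert-manager create secret generic cf-api-secret --from-file=cf-api-key=/dev/stdin
  # NOTE(review): the CRD bundle must match the chart version pinned below; v1.1.0
  # is well past upstream support, so plan an upgrade of both together.
  kubectl apply -f yaml/cert-manager/cert-manager.crds.yaml
  helm install \
    cert-manager jetstack/cert-manager \
    --namespace cert-manager \
    --version v1.1.0 \
    -f yaml/cert-manager/values.yaml
  echo "] Setup cert-manager issuers ... "
  # allRunning returns 1 once every pod in the namespace is ContainersReady.
  # Poll every 10s (the previous loop re-queried the API server without pausing)
  # and give up after 60 polls (~10 minutes) instead of hanging forever.
  wait_polls=0
  while :; do
    allRunning cert-manager
    allAreRunning=$?
    if [[ "${allAreRunning}" -eq 1 ]]; then
      sleep 10   # settle time before the issuers hit the webhook
      break
    fi
    wait_polls=$((wait_polls + 1))
    if [[ "${wait_polls}" -ge 60 ]]; then
      echo "cert-manager pods did not become ready in time; aborting." >&2
      exit 1
    fi
    sleep 10
  done
  # ADMIN_EMAIL is interpolated into a sed expression: escape the characters sed
  # would interpret (&, \ and the | delimiter) so an unusual address cannot
  # break or alter the substitution.
  acme_email_sed=$(printf '%s' "${ADMIN_EMAIL}" | sed 's/[&|\\]/\\&/g')
  for issuer in \
      letsencrypt-staging-clusterissuer \
      letsencrypt-staging-dns-clusterissuer \
      letsencrypt-production-clusterissuer \
      letsencrypt-production-dns-clusterissuer; do
    # ClusterIssuers are cluster-scoped; `-n kube-system` is kept from the
    # original invocation and has no effect on them.
    sed "s|var_acme_email|${acme_email_sed}|" "yaml/cert-manager/${issuer}.yaml" | kubectl -n kube-system apply -f -
  done
fi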
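# Setup Ingress-Nginx
# Installs the ingress-nginx chart (pinned to 3.34.0). With CERT_MODE the
# controller expects PROXY protocol from the upstream load balancer; otherwise it
# runs in plain HTTP mode.
kubectl create namespace ingress-nginx
if [[ "${CERT_MODE}" == "True" ]]; then
  echo "] Deploying ingress-nginx helm chart WITH TLS termination in TCP/PROXY mode..."
  k8x_proxy_mode="true"
else
  echo "] Deploying ingress-nginx helm chart WITHOUT TLS termination in HTTP mode..."
  k8x_proxy_mode="false"
fi
# The MaxMind licence key is a credential: pass it as a values document on stdin
# (`-f -`) rather than with --set-string so it does not appear in the process
# argument list. Later -f files override earlier ones, which preserves the old
# precedence of the key over yaml/ingress-nginx/values.yaml. The value is
# written as a double-quoted YAML scalar, which is fine for the alphanumeric
# keys MaxMind issues.
printf 'controller:\n  maxmindLicenseKey: "%s"\n' "${MAXMIND_LIC}" | helm install \
  ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --set-string controller.config.use-proxy-protocol="${k8x_proxy_mode}" \
  --version 3.34.0 \
  -f yaml/ingress-nginx/values.yaml \
  -f -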
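# Setup Monitoring
# Zabbix agent (host monitoring), Prometheus, Promtail + Loki (logs) and Grafana.
kubectl create namespace monitoring
kubectl create namespace loki
# Setup Zabbix
echo "] Deploying zabbix-agent for host monitoring..."
# The PSK is a shared secret: feed it through stdin (--from-file=...=/dev/stdin)
# instead of --from-literal so it never shows up in `ps` or shell history.
printf '%s' "${ZABBIX_PSK}" | kubectl -n monitoring create secret generic zabbix-psk-secret --from-file=zabbix_agentd.psk=/dev/stdin
printf '%s' "${ZABBIX_PSK_ID}" | kubectl -n monitoring create secret generic zabbix-psk-id-secret --from-file=zabbix_psk_id=/dev/stdin
# `|` as the sed delimiter so a server value containing `/` cannot end the
# expression early.
sed "s|k8x_zabbix_server|${ZABBIX_SERVER}|" yaml/monitoring/zabbix-agent-daemonset.yaml | kubectl -n monitoring apply -f -
# Setup Prometheus metrics
echo "] Deploying prometheus for metrics aggregation..."
envsubst < yaml/monitoring/prometheus-volumes.yaml | kubectl apply -f -
# NOTE(review): the prometheus, promtail, loki and grafana charts are installed
# without --version, so each run pulls whatever the repositories currently
# serve. Pin them (as cert-manager and ingress-nginx are) so upgrades are
# deliberate and reviewable.
helm install \
  prometheus prometheus-community/prometheus \
  --namespace monitoring \
  -f yaml/monitoring/prometheus-values.yaml
# Setup PLG Stack
echo "] Deploying Promtail for logs aggregation ..."
helm install \
  promtail grafana/promtail \
  --namespace monitoring \
  -f yaml/monitoring/promtail-values.yaml
echo "] Deploying Loki for promtail aggregation ..."
envsubst < yaml/monitoring/loki-v12-volumes.yaml | kubectl apply -f -
# LOKI_RETENTION selects the values file; say so clearly when it does not exist
# (an unset variable yields yaml/monitoring/loki-v12-values-.yaml).
loki_values="yaml/monitoring/loki-v12-values-${LOKI_RETENTION}.yaml"
if [[ ! -f "${loki_values}" ]]; then
  echo "loki values file not found: ${loki_values} (check LOKI_RETENTION in config)" >&2
fi
helm install \
  loki grafana/loki \
  --namespace loki \
  -f "${loki_values}"
kubectl apply -f yaml/monitoring/loki-v12-ext-svc.yaml
echo "] Deploying Grafana for monitoring dashboard ..."
envsubst < yaml/monitoring/grafana-volumes.yaml | kubectl apply -f -
# The SMTP password goes into a Secret that the chart mounts via envFromSecret,
# so it is neither on the helm command line nor rendered as a plain `value:` in
# the Deployment spec (which is where `--set env.GF_SMTP_PASSWORD=...` put it).
# NOTE(review): assumes yaml/monitoring/grafana-values.yaml does not itself set
# envFromSecret — confirm, because the --set below would override it.
printf '%s' "${GRAFANA_SMTP_PASSWORD}" | kubectl -n monitoring create secret generic grafana-smtp --from-file=GF_SMTP_PASSWORD=/dev/stdin
# One --set-string per setting: a value containing `,` would otherwise split the
# combined --set list. GF_SMTP_SKIP_VERIFY=true disables TLS certificate
# verification towards the mail server; it stays the default for compatibility,
# set GRAFANA_SMTP_SKIP_VERIFY=false in config once the server has a valid cert.
helm install \
  grafana grafana/grafana \
  --namespace monitoring \
  -f yaml/monitoring/grafana-values.yaml \
  --set-string env.GF_SMTP_ENABLED=true \
  --set-string env.GF_SMTP_HOST="${GRAFANA_SMTP_HOST}" \
  --set-string env.GF_SMTP_FROM_ADDRESS="${GRAFANA_SMTP_FROM_ADDRESS}" \
  --set-string env.GF_SMTP_USER="${GRAFANA_SMTP_USER}" \
  --set-string env.GF_SMTP_SKIP_VERIFY="${GRAFANA_SMTP_SKIP_VERIFY:-true}" \
  --set-string envFromSecret=grafana-smtp
# The generated admin password is printed for the operator; be aware it lands in
# any captured output (CI logs, `script`, tee) of this run.
printf '\ngrafana login:\nuser: admin \npass: ' ; kubectl get secret --namespace monitoring grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
#kubectl -n monitoring create secret generic monitoring-http-secret --from-file=yaml/monitoring/auth
if [[ "${CERT_MODE}" == "True" ]]; then
  envsubst < yaml/monitoring/grafana-cert.yaml | kubectl -n monitoring apply -f -
  envsubst < yaml/monitoring/grafana-ingress-secure.yaml | kubectl -n monitoring apply -f -
else
  envsubst < yaml/monitoring/grafana-ingress.yaml | kubectl -n monitoring apply -f -
fi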
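# Setup Registry
# With REGISTRY_INTERNAL, deploys an in-cluster registry protected by basic auth
# (htpasswd stored in the registry-sec Secret). In every case creates the
# image-pull Secret pods use to reach REGISTRY_URL.
echo "] Deploying docker registry ..."
kubectl create namespace registry
if [[ "${REGISTRY_INTERNAL}" == "True" ]]; then
  # htpasswd comes from apache2-utils; this assumes root on a Debian-style host.
  apt update
  apt install daemonize apache2-utils -y
  # Generate the bcrypt htpasswd entry consumed by registry.yaml for the
  # registry's built-in basic auth. `-n` prints the entry instead of writing a
  # file and `-i` reads the password from stdin (htpasswd 2.4.4+), so there is no
  # world-readable /tmp/regsecret left behind and REGISTRY_PASS is not exposed
  # on the command line. The entry is base64-encoded for the Secret's data field.
  regpassstr=$(printf '%s\n' "${REGISTRY_PASS}" | htpasswd -niB "${REGISTRY_USER}" | base64 -w 0)
  cat <<EOF | kubectl -n registry apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: registry-sec
type: Opaque
data:
  HTPASSWD: ${regpassstr}
EOF
  envsubst < yaml/registry/registry-volumes.yaml | kubectl -n registry apply -f -
  #cat yaml/registry/registry-volumes-nfs.yaml | envsubst | kubectl -n registry apply -f -
  envsubst < yaml/registry/registry.yaml | kubectl -n registry apply -f -
  if [[ "${CERT_MODE}" == "True" ]]; then
    envsubst < yaml/registry/registry-cert.yaml | kubectl -n registry apply -f -
    envsubst < yaml/registry/registry-ingress-secure.yaml | kubectl -n registry apply -f -
  else
    envsubst < yaml/registry/registry-ingress.yaml | kubectl -n registry apply -f -
  fi
fi
#Create a registry secret to be used by pods
# NOTE: `kubectl create secret docker-registry` only takes the password as a
# flag, so REGISTRY_PASS is briefly visible in the process list here. Run this
# script on a host you control and never with `set -x` enabled.
kubectl -n registry create secret docker-registry registry-internal --docker-server="https://${REGISTRY_URL}/v2/" --docker-username="${REGISTRY_USER}" --docker-password="${REGISTRY_PASS}" --docker-email="${ADMIN_EMAIL}"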