k8s-cluster/setup-env.sh
2024-05-18 05:03:38 +03:00


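#!/bin/bash
# Bootstrap step 1: load ./config and check the <env-name> argument before
# any change is made to the host or the cluster.
#
# NOTE: no `set -e` is in effect, so the steps after this preamble keep
# running when an earlier command fails; read the output of each step.
echo ""
echo "... ] Setup Environment [ ..."

# `config` is executed as shell code with this script's privileges (the script
# installs packages and writes under /root, so presumably root). Keep the file
# owned by, and writable only by, the administrator.
if [[ -f config ]]; then
  echo "config file FOUND :)"
  # Use an explicit ./ path: a bare `source config` makes bash search $PATH
  # first, so a different file than the one just tested could be executed.
  # shellcheck source=/dev/null
  source ./config
else
  echo "config file is missing."
  exit 1
fi

# Values come from config; exported so child processes can read them.
export CEPH_MONITOR_1
export CEPH_MONITOR_2
export CEPH_MONITOR_3
export CLUSTER_DOMAIN

# Quoted test: the unquoted `[ -z $1 ]` breaks on arguments containing spaces.
if [[ -z "${1:-}" ]]; then
  echo "Usage: $0 <env-name>"
  exit 1
fi

# <env-name> becomes a namespace name and is later placed into file paths
# under /root/secrets/kube and into a sed expression, so accept only what
# Kubernetes accepts for a namespace (an RFC 1123 label, at most 63 chars).
ns_pattern='^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
if (( ${#1} > 63 )) || [[ ! "$1" =~ $ns_pattern ]]; then
  printf 'env-name must be a valid namespace name (lowercase letters, digits, "-"; max 63 chars): %s\n' "$1" >&2
  exit 1
fi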
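# Host tooling: jq, plus the create-sa helper copied into the system PATH.
apt update
apt install -y jq
cp -v scripts/create-sa.sh /usr/local/bin/create-sa

nspace=$1
# Exported for envsubst, which reads its values from the environment
# (the templates presumably reference ${nspace}; verify against yaml/system/).
export nspace

# Setup namespace, Service Accounts, RBAC, Limit
# envsubst is run without a variable list, so every $VAR / ${VAR} in a
# template is replaced from the environment, not only the ones exported here.
# The name goes through %s rather than into the printf format string, so a
# '%' or '\' in it is printed literally.
printf '\nsetting up %s... \n' "$nspace"
envsubst < yaml/system/namespace.yaml | kubectl apply -f -

printf "\nsetting up Service Accounts... \n"
# What create-sa does with these arguments is defined in scripts/create-sa.sh.
/usr/local/bin/create-sa admin-sa "$nspace"
/usr/local/bin/create-sa backup-agent-sa "$nspace"
sleep 5

printf "\nsetting up RBAC... \n"
envsubst < yaml/system/sa-rbac.yaml | kubectl apply -f -
envsubst < yaml/system/sa-rbac-backup-agent.yaml | kubectl apply -f -
sleep 5

printf "\nsetting up resource limits... \n"
kubectl -n "$nspace" apply -f yaml/system/namespace-resource-limits.yaml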
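# Create an auth-keypair unique to the new namespace, to be used by external applications
printf "\nsetting up shared keypair secret... \n"
key_dir=/root/secrets/kube
key_file="${key_dir}/${nspace}_id_ecdsa"
pub_file="${key_file}.pub"

# Generate the P-256 key pair in a subshell with a restrictive umask, so any
# directory or key file created here is readable by the owner only and the
# umask of the rest of the script is left unchanged.
(
  umask 077
  mkdir -p -v "$key_dir"
  openssl ecparam -genkey -name prime256v1 -noout -out "$key_file"
  openssl ec -in "$key_file" -pubout -out "$pub_file"
)

# Both halves are read from key_dir. The original took the public key from
# /tmp/<ns>_id_ecdsa.pub, a path nothing in this script writes: the secret
# creation would fail, or pick up whatever file another local user had placed
# in the world-writable /tmp.
kubectl -n "$nspace" create secret generic auth-keypair \
  --from-file=id_ecdsa="$key_file" \
  --from-file=id_ecdsa.pub="$pub_file"

# Cleanup is disabled here, so the private key stays on disk under key_dir
# after it has been stored in the cluster secret.
#rm /root/secrets/kube/${nspace}_id_ecdsa
#rm /root/secrets/kube/${nspace}_id_ecdsa.pub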
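# Create wildcard certificate if we have cert-manager installed
# CERT_MODE is not set in this script (presumably it comes from config); the
# quoted test with a default treats an unset value as "not True" instead of
# raising a test syntax error.
if [[ "${CERT_MODE:-}" == "True" ]]; then
  printf "\ncreate a wildcard certificate secret with letsencrypt for the defined namespace...\n"
  envsubst < yaml/system/namespace-wild-cert.yaml | kubectl -n "$nspace" apply -f -
fi

# Copy internal registry credentials from its namespace
# The namespace is rewritten with jq (installed earlier by this script) and
# passed in as data via --arg, rather than interpolated into a sed program.
# Server-assigned metadata of the source object is dropped from the copy.
# Note: the copy puts the registry credentials in the new namespace, where
# any identity allowed to read secrets there can read them.
kubectl -n registry get secret registry-internal -o json \
  | jq --arg ns "$nspace" \
      '.metadata.namespace = $ns
       | del(.metadata.uid, .metadata.resourceVersion, .metadata.creationTimestamp)' \
  | kubectl apply -f -

# Patch the default service account with registry-internal as ImagePullSecret
kubectl -n "$nspace" patch serviceaccount default -p '{"imagePullSecrets": [{"name": "registry-internal"}]}'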