#!/bin/bash
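echo "... ] Setup Applications [ ..."

# Every path in this script (config, yaml/...) is relative to the current
# directory: run it from the repository root. `source` executes config as
# shell code, so only a trusted file belongs there.
if [ -f config ]; then
  echo "config file FOUND :)"
  # shellcheck disable=SC1091
  source config
else
  echo "config file is missing."
  exit 1
fi

# Fail early on the settings that later steps use unconditionally. An unset
# CERT_MODE would otherwise fail the `CERT_MODE == "True"` tests further down
# and silently select the plaintext (no-TLS) branches; an unset LOKI_RETENTION
# points helm at a values file that does not exist; the registry credentials
# end up in a pull secret at the very end of the run.
: "${CERT_MODE:?must be set in config (True enables TLS)}"
: "${REGISTRY_INTERNAL:?must be set in config (True deploys the internal registry)}"
: "${LOKI_RETENTION:?must be set in config}"
: "${REGISTRY_URL:?must be set in config}"
: "${REGISTRY_USER:?must be set in config}"
: "${REGISTRY_PASS:?must be set in config}"
: "${ADMIN_EMAIL:?must be set in config}"

# envsubst (used on the yaml/ manifests below) only reads the environment, so
# the values it fills in must be exported, not merely set by config.
export CEPH_MONITOR_1
export CEPH_MONITOR_2
export CEPH_MONITOR_3
export CLUSTER_DOMAIN
export REGISTRY_URL
export LOKI_STORAGE_SIZE
export LOKI_RETENTION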
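#######################################
# Report whether every pod in a namespace has ContainersReady=True.
# Globals:   none
# Arguments: $1 - namespace to inspect
# Returns:   0 if at least one pod is NOT ready, if there are no pods at all,
#            or if kubectl failed; 1 if every pod is ready.
#            The inverted convention is deliberate: the caller leaves its
#            wait loop on "$? == 1".
#######################################
allRunning() {
  local ns="$1"
  local readiness pod_ready
  # One line per pod holding its ContainersReady status. A pod that has no
  # such condition yet (e.g. still Pending) produces an empty line.
  readiness=$(kubectl get pods -n "$ns" -o=jsonpath='{range .items[*]}{.status.conditions[?(@.type=="ContainersReady")].status}{"\n"}{end}') || return 0
  # No pods at all (the chart has not created them yet) is "not ready"; the
  # previous word-splitting loop ran zero iterations and reported ready.
  [ -n "$readiness" ] || return 0
  # Read line by line so empty lines survive: a Pending pod is then counted
  # as not ready instead of being skipped by word splitting.
  while IFS= read -r pod_ready; do
    [ "$pod_ready" = "True" ] || return 0
  done <<< "$readiness"
  return 1
}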
# Setup Helm repositories
# Chart sources, all fetched over HTTPS. Note that only cert-manager and
# ingress-nginx are installed with a pinned --version later on; the
# prometheus/grafana charts float with whatever the index holds at run time.
while read -r repo_name repo_url; do
  helm repo add "$repo_name" "$repo_url"
done <<'EOF'
jetstack https://charts.jetstack.io
ingress-nginx https://kubernetes.github.io/ingress-nginx
prometheus-community https://prometheus-community.github.io/helm-charts
grafana https://grafana.github.io/helm-charts
EOF
helm repo update
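# Setup ACME
# cert-manager plus Let's Encrypt ClusterIssuers, only when CERT_MODE is
# exactly "True". The variable is quoted so an unset value is an ordinary
# false instead of a "unary operator expected" error that falls through.
if [[ "$CERT_MODE" == "True" ]] ; then
  echo "] deploying cert-manager helm chart..."
  kubectl create namespace cert-manager
  # The Cloudflare API key is fed through stdin (--from-file=/dev/stdin)
  # rather than --from-literal so it never appears in a process argv where
  # ps, shell history or audit logging can pick it up. printf '%s' keeps the
  # stored value byte-identical (no trailing newline).
  printf '%s' "${CLOUDFLARE_API_KEY}" \
    | kubectl -n cert-manager create secret generic cf-api-secret --from-file=cf-api-key=/dev/stdin
  kubectl apply -f yaml/cert-manager/cert-manager.crds.yaml
  helm install \
    cert-manager jetstack/cert-manager \
    --namespace cert-manager \
    --version v1.1.0 \
    -f yaml/cert-manager/values.yaml

  echo "] Setup cert-manager issuers ... "
  # allRunning returns 1 once every pod in the namespace is ContainersReady
  # and 0 otherwise. Pause between polls instead of spinning on kubectl, then
  # give the webhook a further 10 s before the issuers are created.
  while :; do
    allRunning cert-manager
    if [ $? -eq 1 ]; then
      sleep 10
      break
    fi
    sleep 5
  done

  # ADMIN_EMAIL is spliced into a sed replacement, so '/' and '&' must be
  # escaped or they would break the expression.
  acme_email_sed=${ADMIN_EMAIL//\//\\/}
  acme_email_sed=${acme_email_sed//&/\\&}
  # ClusterIssuers are cluster-scoped; the -n kube-system is kept from the
  # original and has no effect on where they land.
  for issuer in \
      letsencrypt-staging-clusterissuer \
      letsencrypt-staging-dns-clusterissuer \
      letsencrypt-production-clusterissuer \
      letsencrypt-production-dns-clusterissuer; do
    sed "s/var_acme_email/${acme_email_sed}/" "yaml/cert-manager/${issuer}.yaml" | kubectl -n kube-system apply -f -
  done
fi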
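# Setup Ingress-Nginx
kubectl create namespace ingress-nginx
# PROXY protocol is switched on together with TLS mode. CERT_MODE is quoted:
# an unset value must evaluate to false, not to a test syntax error that
# happens to pick the plaintext path.
if [[ "$CERT_MODE" == "True" ]] ; then
  echo "] Deploying ingress-nginx helm chart WITH TLS termination in TCP/PROXY mode..."
  k8x_proxy_mode="true"
else
  echo "] Deploying ingress-nginx helm chart WITHOUT TLS termination in HTTP mode..."
  k8x_proxy_mode="false"
fi
# NOTE(review): MAXMIND_LIC is handed over on the helm command line, so it is
# visible in the process list for the duration of the install and is stored
# in the release values (`helm get values ingress-nginx`). helm has no stdin
# form for --set; keep the key low-privilege or feed it with --set-file from a
# mode-0600 file.
helm install \
  ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --set-string controller.config.use-proxy-protocol="${k8x_proxy_mode}" \
  --set-string controller.maxmindLicenseKey="${MAXMIND_LIC}" \
  --version 3.34.0 \
  -f yaml/ingress-nginx/values.yaml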
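# Setup Monitoring
kubectl create namespace monitoring
kubectl create namespace loki

# Setup Zabbix
echo "] Deploying zabbix-agent for host monitoring..."
# The PSK and its identity are piped in via --from-file=/dev/stdin instead of
# --from-literal so the pre-shared key never sits in a kubectl argv (ps,
# shell history). printf '%s' stores exactly the configured bytes, matching
# what --from-literal produced.
printf '%s' "${ZABBIX_PSK}" \
  | kubectl -n monitoring create secret generic zabbix-psk-secret --from-file=zabbix_agentd.psk=/dev/stdin
printf '%s' "${ZABBIX_PSK_ID}" \
  | kubectl -n monitoring create secret generic zabbix-psk-id-secret --from-file=zabbix_psk_id=/dev/stdin
# ZABBIX_SERVER is spliced into a sed replacement; escape '/' and '&' so a
# value containing them cannot break the expression.
zabbix_server_sed=${ZABBIX_SERVER//\//\\/}
zabbix_server_sed=${zabbix_server_sed//&/\\&}
sed "s/k8x_zabbix_server/${zabbix_server_sed}/" yaml/monitoring/zabbix-agent-daemonset.yaml | kubectl -n monitoring apply -f -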
# Setup Prometheus metrics
echo "] Deploying prometheus for metrics aggregation..."
# Storage objects first (envsubst fills in the exported variables, presumably
# the CEPH_MONITOR_* and size settings), then the chart itself. No --version
# is given, so the release tracks the repo index at run time.
prom_dir=yaml/monitoring
envsubst < "${prom_dir}/prometheus-volumes.yaml" | kubectl apply -f -
helm install prometheus prometheus-community/prometheus \
  --namespace monitoring \
  -f "${prom_dir}/prometheus-values.yaml"
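# Setup PLG Stack
echo "] Deploying Promtail for logs aggregation ..."
#promtail
helm install \
  promtail grafana/promtail \
  --namespace monitoring \
  -f yaml/monitoring/promtail-values.yaml

echo "] Deploying Loki for promtail aggregation ..."
envsubst < yaml/monitoring/loki-v12-volumes.yaml | kubectl apply -f -
# LOKI_RETENTION selects the values file by name; helm fails loudly if no
# matching yaml/monitoring/loki-v12-values-<retention>.yaml exists.
helm install \
  loki grafana/loki \
  --namespace loki \
  -f "yaml/monitoring/loki-v12-values-${LOKI_RETENTION}.yaml"
kubectl apply -f yaml/monitoring/loki-v12-ext-svc.yaml

echo "] Deploying Grafana for monitoring dashboard ..."
envsubst < yaml/monitoring/grafana-volumes.yaml | kubectl apply -f -
# The whole --set argument is quoted so a value containing whitespace cannot
# be split into separate helm arguments (a comma inside a value would still
# confuse helm's --set parser). GF_SMTP_SKIP_VERIFY defaults to "true", the
# historical setting, but can now be overridden from config: with it on,
# Grafana does not verify the SMTP server's certificate, so GF_SMTP_PASSWORD
# can be captured by anyone able to intercept that connection. Set
# GRAFANA_SMTP_SKIP_VERIFY=false once the SMTP host has a valid certificate.
# NOTE(review): the password also travels on the helm argv and is kept in the
# release values (`helm get values grafana`).
helm install \
  grafana grafana/grafana \
  --namespace monitoring \
  -f yaml/monitoring/grafana-values.yaml \
  --set "env.GF_SMTP_ENABLED=true,env.GF_SMTP_HOST=${GRAFANA_SMTP_HOST},env.GF_SMTP_FROM_ADDRESS=${GRAFANA_SMTP_FROM_ADDRESS},env.GF_SMTP_USER=${GRAFANA_SMTP_USER},env.GF_SMTP_PASSWORD=${GRAFANA_SMTP_PASSWORD},env.GF_SMTP_SKIP_VERIFY=${GRAFANA_SMTP_SKIP_VERIFY:-true}"

# The generated admin password is printed to stdout, i.e. into any terminal
# log or CI output capturing this run. Change it after first login, or fetch
# it later with the same kubectl command instead of keeping this output.
printf '\ngrafana login:\nuser: admin \npass: '
kubectl get secret --namespace monitoring grafana -o jsonpath="{.data.admin-password}" | base64 --decode
echo

#kubectl -n monitoring create secret generic monitoring-http-secret --from-file=yaml/monitoring/auth
# CERT_MODE quoted: unset must mean "no TLS ingress" by evaluation, not by a
# test error.
if [[ "$CERT_MODE" == "True" ]] ; then
  envsubst < yaml/monitoring/grafana-cert.yaml | kubectl -n monitoring apply -f -
  envsubst < yaml/monitoring/grafana-ingress-secure.yaml | kubectl -n monitoring apply -f -
else
  envsubst < yaml/monitoring/grafana-ingress.yaml | kubectl -n monitoring apply -f -
fi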
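# Setup Registry
echo "] Deploying docker registry ..."
kubectl create namespace registry
if [[ "$REGISTRY_INTERNAL" == "True" ]]; then
  # Needs root on the host: installs apache2-utils for htpasswd (daemonize
  # is kept from the original package list; it is not used in this script).
  apt update
  apt install daemonize apache2-utils -y

  # Build the basic-auth file for registry.yaml in a private temp file. The
  # previous fixed path /tmp/regsecret was predictable and was never removed
  # after use. The password is piped to `htpasswd -i` instead of passed with
  # -b, so it does not show up in the process list.
  regsecret_file=$(mktemp) || exit 1
  chmod 600 "${regsecret_file}"
  if ! printf '%s\n' "${REGISTRY_PASS}" | htpasswd -i -B -c "${regsecret_file}" "${REGISTRY_USER}"; then
    echo "htpasswd failed, not deploying the registry with an empty auth file" >&2
    rm -f -- "${regsecret_file}"
    exit 1
  fi
  regpassstr=$(base64 -w 0 < "${regsecret_file}")
  rm -f -- "${regsecret_file}"

  # Secret consumed by registry.yaml; the value is the base64 htpasswd file.
  cat <<EOF | kubectl -n registry apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: registry-sec
type: Opaque
data:
  HTPASSWD: ${regpassstr}
EOF
  envsubst < yaml/registry/registry-volumes.yaml | kubectl -n registry apply -f -
  #cat yaml/registry/registry-volumes-nfs.yaml | envsubst | kubectl -n registry apply -f -
  envsubst < yaml/registry/registry.yaml | kubectl -n registry apply -f -

  if [[ "$CERT_MODE" == "True" ]] ; then
    envsubst < yaml/registry/registry-cert.yaml | kubectl -n registry apply -f -
    envsubst < yaml/registry/registry-ingress-secure.yaml | kubectl -n registry apply -f -
  else
    envsubst < yaml/registry/registry-ingress.yaml | kubectl -n registry apply -f -
  fi
fi
#Create a registry secret to be used by pods
# NOTE(review): `kubectl create secret docker-registry` has no stdin form, so
# REGISTRY_PASS is on the argv here. The secret lives in the "registry"
# namespace; pods elsewhere can only reference it once it is copied into
# their own namespace.
kubectl -n registry create secret docker-registry registry-internal \
  --docker-server="https://${REGISTRY_URL}/v2/" \
  --docker-username="${REGISTRY_USER}" \
  --docker-password="${REGISTRY_PASS}" \
  --docker-email="${ADMIN_EMAIL}"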