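#!/bin/bash
#
# Bootstrap a Kubernetes namespace: namespace object, service accounts, RBAC,
# resource limits, a per-namespace ECDSA key pair stored as the "auth-keypair"
# secret, an optional wildcard certificate, and the internal registry pull
# secret.
#
# Usage: <this-script> <env-name>
#
# Must be run from the repository root: config, scripts/ and yaml/ are
# resolved relative to the current directory. The script installs packages and
# writes under /usr/local/bin and /root, so it presumably runs as root.

echo ""
echo "... ] Setup Environment [ ..."

# NOTE(review): "config" is executed as shell code with this script's
# privileges. Keep it owned by a trusted user and not writable by anyone else.
if [ -f config ]; then
  echo "config file FOUND :)"
  source config
else
  echo "config file is missing."
  exit 1
fi

# Exported so that envsubst can substitute them into the YAML templates below.
export CEPH_MONITOR_1
export CEPH_MONITOR_2
export CEPH_MONITOR_3
export CLUSTER_DOMAIN

# Quoted so that an empty or whitespace-containing argument cannot break the test.
if [ -z "${1:-}" ]; then
  echo "Usage: $0 <env-name>"
  exit 1
fi

nspace=$1

# The name is interpolated into file paths and a sed replacement further down,
# so accept only a valid Kubernetes namespace name (RFC 1123 DNS label:
# lowercase alphanumerics and '-', alphanumeric at both ends, max 63 chars).
# This keeps '/', '&', whitespace and newlines out of those contexts.
if [[ ! "$nspace" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]] || (( ${#nspace} > 63 )); then
  echo "Invalid namespace name (must be an RFC 1123 DNS label, max 63 chars)." >&2
  exit 1
fi
export nspace

apt update
apt install -y jq
cp -v scripts/create-sa.sh /usr/local/bin/create-sa

# Setup namespace, Service Accounts, RBAC, Limit
# The name goes in as a printf argument, never as part of the format string.
printf '\nsetting up %s... \n' "$nspace"
envsubst < yaml/system/namespace.yaml | kubectl apply -f -

printf "\nsetting up Service Accounts... \n"
/usr/local/bin/create-sa admin-sa "$nspace"
/usr/local/bin/create-sa backup-agent-sa "$nspace"
sleep 5

printf "\nsetting up RBAC... \n"
envsubst < yaml/system/sa-rbac.yaml | kubectl apply -f -
envsubst < yaml/system/sa-rbac-backup-agent.yaml | kubectl apply -f -
sleep 5

printf "\nsetting up resource limits... \n"
kubectl -n "$nspace" apply -f yaml/system/namespace-resource-limits.yaml

# Create an auth-keypair unique to the new namespace, to be used by external applications
printf "\nsetting up shared keypair secret... \n"
key_dir=/root/secrets/kube
key_file="${key_dir}/${nspace}_id_ecdsa"
pub_file="${key_file}.pub"
(
  # Restrictive umask scoped to this subshell, so the directory and the private
  # key are created readable by the owner only.
  umask 077
  mkdir -p -v "$key_dir"
  chmod 700 "$key_dir"
  openssl ecparam -genkey -name prime256v1 -noout -out "$key_file"
  openssl ec -in "$key_file" -pubout -out "$pub_file"
)
# Both halves are read from key_dir. The public key was previously read from
# /tmp, where this script never writes it: the secret either failed to be
# created or picked up whatever file happened to sit at that shared path.
kubectl -n "$nspace" create secret generic auth-keypair \
  --from-file=id_ecdsa="$key_file" \
  --from-file=id_ecdsa.pub="$pub_file"
# NOTE(review): the key pair stays on disk in key_dir after being stored in the
# cluster; the cleanup below is disabled.
#rm /root/secrets/kube/${nspace}_id_ecdsa
#rm /root/secrets/kube/${nspace}_id_ecdsa.pub

# Create wildcard certificate if we have cert-manager installed
# CERT_MODE is presumably set by config; the default keeps the test valid when it is unset.
if [ "${CERT_MODE:-}" == "True" ]; then
  printf "\ncreate a wildcard certificate secret with letsencrypt for the defined namespace...\n"
  envsubst < yaml/system/namespace-wild-cert.yaml | kubectl -n "$nspace" apply -f -
fi

# Copy internal registry credentials from its namespace
# nspace was validated above, so it cannot carry sed metacharacters.
kubectl -n registry get secret registry-internal -o yaml \
  | sed "s/namespace: .*/namespace: ${nspace}/" \
  | kubectl apply -f -

# Patch the default service account with registry-internal as ImagePullSecret
kubectl -n "$nspace" patch serviceaccount default -p '{"imagePullSecrets": [{"name": "registry-internal"}]}'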