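#!/bin/bash
#
# Prepares a Kubernetes namespace: creates the namespace, two service accounts,
# RBAC bindings, default resource limits and a shared ECDSA key pair secret.
# For the "develop" namespace it also deploys a private Docker registry with an
# htpasswd secret; for every namespace except "live" it requests a wildcard
# certificate.
#
# Arguments: $1 - target namespace
# Inputs:    `config` and `config-coreapps` are sourced from the script's own
#            directory. ADMIN_KUBECONFIG, REGISTRY_USER and REGISTRY_PASS are
#            read here and presumably come from those files - confirm.
# Note:      the yaml/, tools/ and env/ paths are relative to the current
#            working directory, not to the script's directory.
#
# Strict mode (set -e) is deliberately not enabled: steps such as
# `kubectl create secret` fail on a re-run when the object already exists, and
# the script has always continued past them. Secret-handling steps are checked
# explicitly instead.

echo ""
echo "... ] PREPARING ENVS [ ..."

# NOTE(review): this overwrites the HOME environment variable with the script's
# directory, and every child process (kubectl, openssl, htpasswd) inherits it.
# Kept because the sourced config files may reference $HOME; a dedicated
# variable would be safer if they do not.
HOME=$( cd "$(dirname "$0")" && pwd ) || {
  printf 'cannot resolve the script directory\n' >&2
  exit 1
}
source "$HOME/config"

if [ -f "$HOME/config-coreapps" ]; then
  echo "config-coreapps file FOUND :)"
  source "$HOME/config-coreapps"
  export CEPH_MONITOR_1
  export CEPH_MONITOR_2
  export CEPH_MONITOR_3
else
  echo "config-coreapps file is missing."
  exit 1
fi

export KUBECONFIG=$ADMIN_KUBECONFIG

# The namespace is used in kubectl arguments and substituted into manifests, so
# reject anything that is not a valid Kubernetes namespace name (DNS-1123
# label) before touching the cluster. An empty value is rejected as well.
nspace=${1:-}
ns_pattern='^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$'
if [[ ! "$nspace" =~ $ns_pattern ]]; then
  printf 'usage: %s <namespace>\n' "${0##*/}" >&2
  printf 'namespace must be a lowercase DNS-1123 label\n' >&2
  exit 2
fi
export nspace

# Key material and the htpasswd file are staged in a private directory.
# mktemp -d creates it with mode 0700 and an unpredictable name, so other local
# users can neither read the files nor pre-create them (for example as
# symlinks), which fixed names under /tmp allowed. The EXIT trap removes the
# directory on every exit path, including early failures.
tmpdir=$(mktemp -d) || {
  printf 'mktemp failed\n' >&2
  exit 1
}
trap 'rm -rf -- "$tmpdir"' EXIT

# Setup namespace, Service Accounts, RBAC, Limit and namespace keypair
# NOTE(review): envsubst is called without a variable list, so every exported
# variable referenced in a manifest is substituted - confirm that is intended.
printf '\nsetting up %s... \n' "$nspace"
envsubst < yaml/system/namespace.yaml | kubectl apply -f -
printf "\nsetting up Service Accounts... \n"
/bin/bash tools/add_service_account.sh admin-sa "$nspace"
/bin/bash tools/add_service_account.sh backup-agent-sa "$nspace"
sleep 5
printf "\nsetting up RBAC... \n"
envsubst < yaml/system/sa-rbac.yaml | kubectl apply -f -
envsubst < yaml/system/sa-rbac-backup-agent.yaml | kubectl apply -f -
sleep 5
printf "\nsetting up resource limits... \n"
kubectl -n "$nspace" apply -f yaml/system/default-resource-limits.yaml
printf "\nsetting up shared keypair secret... \n"
key_file="$tmpdir/id_ecdsa"
pub_file="$tmpdir/id_ecdsa.pub"
# Stop if key generation fails rather than creating a secret from missing or
# partial files.
if ! openssl ecparam -genkey -name prime256v1 -noout -out "$key_file" \
  || ! openssl ec -in "$key_file" -pubout -out "$pub_file"; then
  printf 'key pair generation failed\n' >&2
  exit 1
fi
kubectl -n "$nspace" create secret generic auth-keypair \
  --from-file=id_ecdsa="$key_file" \
  --from-file=id_ecdsa.pub="$pub_file"
rm -f -- "$key_file" "$pub_file"

if [ "$nspace" = "develop" ]; then
  # Setup the private docker registry
  printf "\nsetting up Docker Registry... \n"
  # create secret for the registry
  # The password is fed to htpasswd on stdin (-i) so it does not appear in the
  # process list, as it did when passed as an argument with -b.
  htpasswd_file="$tmpdir/regsecret"
  if ! printf '%s\n' "$REGISTRY_PASS" \
    | htpasswd -Bi -c "$htpasswd_file" "$REGISTRY_USER"; then
    printf 'htpasswd failed; registry secret not created\n' >&2
    exit 1
  fi
  regpassstr=$(base64 -w 0 < "$htpasswd_file")
  # The previous version left the htpasswd file behind in /tmp.
  rm -f -- "$htpasswd_file"
  cat <<EOF | kubectl -n develop apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: registry-sec
type: Opaque
data:
  HTPASSWD: ${regpassstr}
EOF
  kubectl -n "$nspace" apply -f env/registry-pv.yaml
  kubectl -n "$nspace" apply -f env/registry.yaml
fi

# The "live" namespace gets no wildcard certificate from this script.
if [ "$nspace" = "live" ]; then
  exit 0
fi

printf "\ncreate a wildcard certificate secret with letsencrypt for the defined namespace...\n"
envsubst < env/nspace-wild-cert.yaml | kubectl -n "$nspace" apply -f -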