k3d-cluster

#!/bin/sh
source manage_hosts.sh
# Instalation variables
CLUSTER_DOMAIN=fuf.me
API_PORT=6443
HTTP_PORT=80
HTTPS_PORT=443
CLUSTER_NAME=k3d-cluster
READ_VALUE=
SERVERS=1
AGENTS=2
TRAEFIK_V2=Yes
INSTALL_INGRESS=Yes
INSTALL_DASHBOARD=No
INSTALL_PROMETHEUS=Yes
INSTALL_ARGOCD=Yes
INSTALL_TEKTON=Yes
# bold text 
bold=$(tput bold)
normal=$(tput sgr0)
yes_no="(${bold}Y${normal}es/${bold}N${normal}o)"



# countdown function
function countdown ()
{
        local OLD_IFS="${IFS}"
        IFS=":"
        local ARR=( $1 )
        local SECONDS=$((  (ARR[0] * 60 * 60) + (ARR[1] * 60) + ARR[2]  ))
        local START=$(date +%s)
        local END=$((START + SECONDS))
        local CUR=$START

        while [[ $CUR -lt $END ]]
        do
                CUR=$(date +%s)
                LEFT=$((END-CUR))

                printf "\r%02d:%02d:%02d" \
                        $((LEFT/3600)) $(( (LEFT/60)%60)) $((LEFT%60))

                sleep 1
        done
        IFS="${OLD_IFS}"
        echo "        "
}
# $1 text to show - $2 default value
read_value ()
{
    read -p "${1} [${bold}${2}${normal}]: " READ_VALUE
    if [ "${READ_VALUE}" = "" ]
    then
        READ_VALUE=$2
    fi
}

# Check if exist docker, k3d and kubectl
checkDependencies ()
{
    # Check Docker
    if ! type docker > /dev/null; then
        echo "Docker could not be found. Installing it ..."
        curl -L -o ./install-docker.sh "https://get.docker.com"
        chmod +x ./install-docker.sh
        ./install-docker.sh
        sudo usermod -aG docker $USER
        #exit
    fi

    # Check K3D
    if ! type k3d > /dev/null; then
        echo "K3D could not be found. Installing it ..."
        curl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash
        # Install k3d autocompletion for bash
        echo "source <(k3d completion bash)" >> ~/.bashrc
        #exit
    fi

    # Check Kubectl
    if ! type kubectl > /dev/null; then
        echo "Kubectl could not be found. Installing it ..."
        curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
        chmod +x ./kubectl
        sudo mv ./kubectl /usr/local/bin/kubectl
        kubectl version --client
        #exit
    fi

    # Check Helm
    if ! type helm > /dev/null; then
        echo "Helm could not be found. Installing it ..."
        curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
        chmod +x ./get_helm.sh
        ./get_helm.sh
        
        # Add default repos
        helm repo add stable https://charts.helm.sh/stable
        # Add kubernetes-dashboard repository
        helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
        # Add bitnami helm repos
        helm repo add bitnami https://charts.bitnami.com/bitnami
        # Add Prometheus helm repos
        helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
        # Update helm
        helm repo update
        #exit
    fi
}

header()
{
    echo "\n\n${bold}${1}${normal}\n-------------------------------------"
}

footer()
{
    echo "-------------------------------------"
}

configValues ()
{
  read_value "Cluster Name" "${CLUSTER_NAME}"
  CLUSTER_NAME=${READ_VALUE}
  read_value "Cluster Domain" "${CLUSTER_DOMAIN}"
  CLUSTER_DOMAIN=${READ_VALUE}
  read_value "API Port" "${API_PORT}"
  API_PORT=${READ_VALUE}
  read_value "Servers (Masters)" "${SERVERS}"
  SERVERS=${READ_VALUE}
  read_value "Agents (Workers)" "${AGENTS}"
  AGENTS=${READ_VALUE}
  read_value "LoadBalancer HTTP Port" "${HTTP_PORT}"
  HTTP_PORT=${READ_VALUE}
  read_value "LoadBalancer HTTPS Port" "${HTTPS_PORT}"
  HTTPS_PORT=${READ_VALUE}
  read_value "Tekton" "${INSTALL_TEKTON}"
  INSTALL_TEKTON=${READ_VALUE}
  read_value "Argo" "${INSTALL_ARGOCD}"
  INSTALL_ARGOCD=${READ_VALUE}
  read_value "Ingress" "${INSTALL_INGRESS}"
  INSTALL_INGRESS=${READ_VALUE}
  
    read_value "Dashboard" "${INSTALL_DASHBOARD}"
  INSTALL_DASHBOARD=${READ_VALUE}
      read_value "Prometheus" "${INSTALL_PROMETHEUS}"
  INSTALL_PROMETHEUS=${READ_VALUE}
}

installCluster ()
{
  header "Deleting Previous Cluster"
  k3d cluster delete ${CLUSTER_NAME}
  footer

  header "Creating K3D cluster"
#https://github.com/rancher/k3d/blob/main/tests/assets/config_test_simple.yaml
# k3d registry create "$CLUSTER_NAME-registry.localhost" --port 55515
# k3d registry create registry.localhost --port 5000
  cat <<EOF  > tmp-k3d-${CLUSTER_NAME}.yaml
apiVersion: k3d.io/v1alpha2
kind: Simple
name: ${CLUSTER_NAME}
servers: ${SERVERS} 
agents: ${AGENTS}
kubeAPI:
  hostIP: "0.0.0.0"
  hostPort: "${API_PORT}" # kubernetes api port 6443:6443

image: rancher/k3s:latest 
#image: rancher/k3s:v1.19.4-k3s1

volumes:
#  - volume: $(pwd)/k3deploy/helm-ingress-ngnx.yaml:/var/lib/rancher/k3s/server/manifests/helm-ingress-nginx.yaml
  - volume: $(pwd)/k3dvol:/k3dvol # volume in host:container
    nodeFilters:
      - all

ports:
  - port: ${HTTP_PORT}:80 # http port host:container
    nodeFilters:
      - loadbalancer
  - port: 0.0.0.0:${HTTPS_PORT}:443 # https port host:container
    nodeFilters:
      - loadbalancer

env:
  - envVar: secret=token
    nodeFilters:
      - all
labels:
  - label: best_cluster=forced_tag
    nodeFilters:
      - server[0] # 
      - loadbalancer

options:
  k3d:
    wait: true
    timeout: "60s" # avoid an start/stop cicle when start fails
    disableLoadbalancer: false
    disableImageVolume: false
  k3s:
    extraServerArgs:
      - --tls-san=127.0.0.1
      - --disable=traefik
#      - --flannel-backend=none

    extraAgentArgs: []
  kubeconfig:
    updateDefaultKubeconfig: true # update kubeconfig when cluster starts
    switchCurrentContext: true # change this cluster context when cluster starts
EOF

  k3d registry create reg.localhost --port 5111 # mapped to k3d-reg.localhost
  k3d cluster create --config tmp-k3d-${CLUSTER_NAME}.yaml --registry-use k3d-reg.localhost:5111

  header "waiting for cluster init ..."
  sleep 5    

  kubectl config use-context k3d-${CLUSTER_NAME}
  kubectl cluster-info
  footer

  header "Provisioning Persistent Volume"
  cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolume
metadata:
  name: k3d-pv
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/k3dvol"  
EOF
#  kubectl describe pv k3d-pv
  footer
}

generateCert ()
{
  header "Generating Cert for ${CLUSTER_DOMAIN}"
  mkcert ${CLUSTER_DOMAIN} "*.${CLUSTER_DOMAIN}" && cp *${CLUSTER_DOMAIN}* ./certs/
  header "Installing Cert for ${CLUSTER_DOMAIN}"
  mkcert --install
  header "Adding 127.0.0.1 ${CLUSTER_DOMAIN} to your /etc/hosts "
  #sudo -- sh -c "echo 127.0.0.1 ${CLUSTER_DOMAIN} >> /etc/hosts"
}
addSubdomainEtc ()
{
  header "Adding 127.0.0.1 ${1}.${CLUSTER_DOMAIN} to your /etc/hosts "
  #sudo -- sh -c "echo 127.0.0.1 ${1}.${CLUSTER_DOMAIN} >> /etc/hosts"
  # header "Adding 127.0.0.1 ${CLUSTER_DOMAIN}.registry to your /etc/hosts"
  
  addhost ${1}.${CLUSTER_DOMAIN}
  #sudo -- sh -c "echo 127.0.0.1 registry.localhost >> /etc/hosts"

}
installIngress ()
{
  header "Instaling Fake Cert locally"
  generateCert 
  header "Instaling Ingress"
  # Create Namespace
  kubectl create namespace ingress
  # Create a secret with server certificate
  kubectl --namespace ingress create secret tls nginx-server-certs --key certs/${CLUSTER_DOMAIN}+1-key.pem --cert certs/${CLUSTER_DOMAIN}+1.pem
  # Install ingress with tls enabled providing certificates stored in namespace
  cat <<EOF | helm install --namespace ingress -f - ingress bitnami/nginx-ingress-controller
extraArgs:
  default-ssl-certificate: "ingress/nginx-server-certs"
EOF
  footer
  sleep 5
  header "LoadBalancer info:"
  kubectl -n ingress get svc | egrep -e NAME -e LoadBalancer
  footer
  #kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud/deploy.yaml
}


installDashboard ()
{
  
  header "Instaling Dashboard"
  # Install Kubernetes Dashboard
  kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
  # Create dashboard account
  kubectl create serviceaccount dashboard-admin-sa
  # bind the dashboard-admin-service-account service account to the cluster-admin role
  kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa
  
  # Install Dashboard Ingress
#  cat <<EOF | helm install -namespace kubernetes-dashboard -f - dashboard kubernetes-dashboard/kubernetes-dashboard
#enableInsecureLogin: false
#insecure-bind-address: 0.0.0.0
#enable-skip-login: true
#EOF
  #helm install  --namespace kubernetes-dashboard dashboard kubernetes-dashboard/kubernetes-dashboard

  # display token
  header "Keep this Token to acces dashboard"
  #kubectl describe secret $(kubectl get secrets | grep dashboard-admin-sa | cut -d' ' -f1)
  kubectl describe secret $(kubectl get secrets | grep dashboard-admin-sa | awk '{ print $1 }')
  header "Dashboard Access:"
  echo "kubectl proxy"
  echo "http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login"
  footer
}
installTekton()
{
  kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml

  addSubdomainEtc tekton
  cat <<EOF | kubectl apply -f -

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tekton-server-http-ingress
  namespace: tekton-pipelines
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tekton-dashboard
            port:
              number: 9097
    host: tekton.fuf.me
  tls:
  - hosts:
    - tekton.fuf.me
    # secretName: argocd-secret # do not change, this is provided by Argo CD
EOF
}
installArogcd()
{
  header "Instaling ArgoCd"
  kubectl create namespace argocd || printf "\n Namespace exists\n"
  kubectl create namespace guestbookex || printf "\n Namespace exists\n"
  helm install argocd argo/argo-cd -f ./argo_insecure.yml -n argocd #overide with insecure set
  cat <<EOF | kubectl apply -f -

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-http-ingress
  namespace: argocd
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              number: 80
    host: argocd.fuf.me
  tls:
  - hosts:
    - argocd.fuf.me
    secretName: argocd-secret # do not change, this is provided by Argo CD
EOF
addSubdomainEtc argocd
}
installPrometheus ()
{
  header "Instaling Prometheus & Grafana"
  # Install Prometheus
  helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
  helm install --namespace monitoring --create-namespace prometheus  \
  --set server.global.scrape_interval=30s prometheus-community/prometheus
  # Install Grafana
  helm repo add grafana https://grafana.github.io/helm-charts
  helm install --namespace monitoring --create-namespace grafana bitnami/grafana \
  --set sidecar.datasources.enabled=true --set sidecar.dashboards.enabled=true \
  --set sidecar.datasources.label=grafana_datasource \
  --set sidecar.dashboards.label=grafana_dashboard
  # Create Ingress controler using server certificates
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grafana
  namespace: monitoring
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - grafana.${CLUSTER_DOMAIN}
    # secretName: domain-com
  rules:
  - host: grafana.${CLUSTER_DOMAIN}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: grafana
            port:
              number: 3000
EOF

cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: prometheus
  namespace: monitoring
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - prometheus.${CLUSTER_DOMAIN}
    # secretName: domain-com
  rules:
  - host: prometheus.${CLUSTER_DOMAIN}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: prometheus-server
            port:
              number: 9090
EOF

cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-test-registry
  labels:
    app: nginx-test-registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-test-registry
  template:
    metadata:
      labels:
        app: nginx-test-registry
    spec:
      containers:
      - name: nginx-test-registry
        image: fuf.me.registry:59746/nginx:latest
        ports:
        - containerPort: 80
EOF


  header "Grafana and Prometheus Access:"
  echo "${bold}Prometheus${normal}:"
  echo "url: https://prometheus.${CLUSTER_DOMAIN}"
  footer
  echo "${bold}Grafana${normal}:"
  echo "url: https://grafana.${CLUSTER_DOMAIN}"
  echo "username: admin"
  echo "password: $(kubectl get secret --namespace monitoring grafana-admin -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" | base64 --decode ; echo)"
  echo "\nuse 'kubectl get secret --namespace monitoring grafana-admin -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" | base64 --decode ; echo' to get password"
  footer
  addSubdomainEtc grafana
  addSubdomainEtc prometheus
}

installKubeapps ()
{
  header "Instaling Kubeapps"
  cat <<EOF | helm install --namespace kubeapps --create-namespace -f - kubeapps bitnami/kubeapps
ingress:
  enabled: true
  hostname: kubeapps.${CLUSTER_DOMAIN}
  tls: true
EOF
  #helm install --namespace kubeapps --create-namespace kubeapps bitnami/kubeapps
  kubectl create serviceaccount kubeapps-operator
  kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=default:kubeapps-operator

  echo "url: https://kubeapps.${CLUSTER_DOMAIN}"
  echo "Token: \n$(  kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath='{range .secrets[*]}{.name}{"\n"}{end}' | grep kubeapps-operator-token) -o jsonpath='{.data.token}' -o go-template='{{.data.token | base64decode}}' && echo)"
  footer
  addSubdomainEtc kubeapps
}

isSelected()
{
  if [ "${1}" = "Yes" ] || [ "${1}" = "yes" ] || [ "${1}" = "Y" ]  || [ "${1}" = "y" ];
  then
    echo 1
  else
    echo 0
  fi
}

installAddons ()
{
  read_value "Install Ingress? ${yes_no}" "${INSTALL_INGRESS}"
  if [ $(isSelected ${READ_VALUE}) = 1 ];
  then
      installIngress
  fi

  read_value "Install Dashbard? ${yes_no}" "${INSTALL_DASHBOARD}"
  if [ $(isSelected ${READ_VALUE}) = 1 ];
  then
      installDashboard
  fi

  read_value "Install Prometheus? ${yes_no}" "${INSTALL_PROMETHEUS}"
  if [ $(isSelected ${READ_VALUE}) = 1 ];
  then
      installPrometheus
  fi

  read_value "Install Kubeapps? ${yes_no}" "${INSTALL_PROMETHEUS}"
  if [ $(isSelected ${READ_VALUE}) = 1 ];
  then
      installKubeapps
  fi
}

showurls ()
{
    header "Local K3d cluster endpoints :"
    countdown "00:00:10" 
    echo "Prometheus : https://prometheus.${CLUSTER_DOMAIN}"
    echo "Grafana: https://grafana.${CLUSTER_DOMAIN} user:admin pass:$(kubectl get secret --namespace monitoring grafana-admin -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" | base64 --decode ; echo)"
    echo "ArgoCD : https://argocd.${CLUSTER_DOMAIN} user:admin pass:$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)"
    echo "Registry : http://localhost:5111 user:admin pass:admin"
}

# deployTekton()
# {


# }

helm repo add argo https://argoproj.github.io/argo-helm
helm repo add bitnami https://charts.bitnami.com/bitnami || header "Error adding bitnami "




checkDependencies 
#Retrieve config values 
configValues
# Todo Calico
installCluster
installAddons
installArogcd
kubectl config set-context "k3d-${CLUSTER_NAME}"
showurls


header "Provisioning Sample App on Argo"
argocd login argocd.${CLUSTER_DOMAIN} --password $(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d) --username admin



   # Create a directory app
    argocd app create guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --directory-recurse

    # Create a Jsonnet app
    argocd app create jsonnet-guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path jsonnet-guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --jsonnet-ext-str replicas=2

    # Create a Helm app
    argocd app create helm-guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path helm-guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --helm-set replicaCount=2

    # Create a Helm app from a Helm repo
    argocd app create nginx-ingress --repo https://kubernetes-charts.storage.googleapis.com --helm-chart nginx-ingress --revision 1.24.3 --dest-namespace default --dest-server https://kubernetes.default.svc

    # Create a Kustomize app
    argocd app create kustomize-guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path kustomize-guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --kustomize-image gcr.io/heptio-images/ks-guestbook-demo:0.1

    # Create a app using a custom tool:
    argocd app create ksane --repo https://github.com/argoproj/argocd-example-apps.git --path plugins/kasane --dest-namespace default --dest-server https://kubernetes.default.svc --config-management-plugin kasane