-
Notifications
You must be signed in to change notification settings - Fork 0
/
k3d-cluster
executable file
·608 lines (539 loc) · 18 KB
/
k3d-cluster
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
#!/bin/sh
source manage_hosts.sh
# Instalation variables
CLUSTER_DOMAIN=fuf.me
API_PORT=6443
HTTP_PORT=80
HTTPS_PORT=443
CLUSTER_NAME=k3d-cluster
READ_VALUE=
SERVERS=1
AGENTS=2
TRAEFIK_V2=Yes
INSTALL_INGRESS=Yes
INSTALL_DASHBOARD=No
INSTALL_PROMETHEUS=Yes
INSTALL_ARGOCD=Yes
INSTALL_TEKTON=Yes
# bold text
bold=$(tput bold)
normal=$(tput sgr0)
yes_no="(${bold}Y${normal}es/${bold}N${normal}o)"
# countdown function
function countdown ()
{
local OLD_IFS="${IFS}"
IFS=":"
local ARR=( $1 )
local SECONDS=$(( (ARR[0] * 60 * 60) + (ARR[1] * 60) + ARR[2] ))
local START=$(date +%s)
local END=$((START + SECONDS))
local CUR=$START
while [[ $CUR -lt $END ]]
do
CUR=$(date +%s)
LEFT=$((END-CUR))
printf "\r%02d:%02d:%02d" \
$((LEFT/3600)) $(( (LEFT/60)%60)) $((LEFT%60))
sleep 1
done
IFS="${OLD_IFS}"
echo " "
}
# $1 text to show - $2 default value
read_value ()
{
read -p "${1} [${bold}${2}${normal}]: " READ_VALUE
if [ "${READ_VALUE}" = "" ]
then
READ_VALUE=$2
fi
}
# Check if exist docker, k3d and kubectl
checkDependencies ()
{
# Check Docker
if ! type docker > /dev/null; then
echo "Docker could not be found. Installing it ..."
curl -L -o ./install-docker.sh "https://get.docker.com"
chmod +x ./install-docker.sh
./install-docker.sh
sudo usermod -aG docker $USER
#exit
fi
# Check K3D
if ! type k3d > /dev/null; then
echo "K3D could not be found. Installing it ..."
curl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash
# Install k3d autocompletion for bash
echo "source <(k3d completion bash)" >> ~/.bashrc
#exit
fi
# Check Kubectl
if ! type kubectl > /dev/null; then
echo "Kubectl could not be found. Installing it ..."
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
kubectl version --client
#exit
fi
# Check Helm
if ! type helm > /dev/null; then
echo "Helm could not be found. Installing it ..."
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod +x ./get_helm.sh
./get_helm.sh
# Add default repos
helm repo add stable https://charts.helm.sh/stable
# Add kubernetes-dashboard repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# Add bitnami helm repos
helm repo add bitnami https://charts.bitnami.com/bitnami
# Add Prometheus helm repos
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
# Update helm
helm repo update
#exit
fi
}
header()
{
echo "\n\n${bold}${1}${normal}\n-------------------------------------"
}
footer()
{
echo "-------------------------------------"
}
configValues ()
{
read_value "Cluster Name" "${CLUSTER_NAME}"
CLUSTER_NAME=${READ_VALUE}
read_value "Cluster Domain" "${CLUSTER_DOMAIN}"
CLUSTER_DOMAIN=${READ_VALUE}
read_value "API Port" "${API_PORT}"
API_PORT=${READ_VALUE}
read_value "Servers (Masters)" "${SERVERS}"
SERVERS=${READ_VALUE}
read_value "Agents (Workers)" "${AGENTS}"
AGENTS=${READ_VALUE}
read_value "LoadBalancer HTTP Port" "${HTTP_PORT}"
HTTP_PORT=${READ_VALUE}
read_value "LoadBalancer HTTPS Port" "${HTTPS_PORT}"
HTTPS_PORT=${READ_VALUE}
read_value "Tekton" "${INSTALL_TEKTON}"
INSTALL_TEKTON=${READ_VALUE}
read_value "Argo" "${INSTALL_ARGOCD}"
INSTALL_ARGOCD=${READ_VALUE}
read_value "Ingress" "${INSTALL_INGRESS}"
INSTALL_INGRESS=${READ_VALUE}
read_value "Dashboard" "${INSTALL_DASHBOARD}"
INSTALL_DASHBOARD=${READ_VALUE}
read_value "Prometheus" "${INSTALL_PROMETHEUS}"
INSTALL_PROMETHEUS=${READ_VALUE}
}
installCluster ()
{
header "Deleting Previous Cluster"
k3d cluster delete ${CLUSTER_NAME}
footer
header "Creating K3D cluster"
#https://github.com/rancher/k3d/blob/main/tests/assets/config_test_simple.yaml
# k3d registry create "$CLUSTER_NAME-registry.localhost" --port 55515
# k3d registry create registry.localhost --port 5000
cat <<EOF > tmp-k3d-${CLUSTER_NAME}.yaml
apiVersion: k3d.io/v1alpha2
kind: Simple
name: ${CLUSTER_NAME}
servers: ${SERVERS}
agents: ${AGENTS}
kubeAPI:
hostIP: "0.0.0.0"
hostPort: "${API_PORT}" # kubernetes api port 6443:6443
image: rancher/k3s:latest
#image: rancher/k3s:v1.19.4-k3s1
volumes:
# - volume: $(pwd)/k3deploy/helm-ingress-ngnx.yaml:/var/lib/rancher/k3s/server/manifests/helm-ingress-nginx.yaml
- volume: $(pwd)/k3dvol:/k3dvol # volume in host:container
nodeFilters:
- all
ports:
- port: ${HTTP_PORT}:80 # http port host:container
nodeFilters:
- loadbalancer
- port: 0.0.0.0:${HTTPS_PORT}:443 # https port host:container
nodeFilters:
- loadbalancer
env:
- envVar: secret=token
nodeFilters:
- all
labels:
- label: best_cluster=forced_tag
nodeFilters:
- server[0] #
- loadbalancer
options:
k3d:
wait: true
timeout: "60s" # avoid an start/stop cicle when start fails
disableLoadbalancer: false
disableImageVolume: false
k3s:
extraServerArgs:
- --tls-san=127.0.0.1
- --disable=traefik
# - --flannel-backend=none
extraAgentArgs: []
kubeconfig:
updateDefaultKubeconfig: true # update kubeconfig when cluster starts
switchCurrentContext: true # change this cluster context when cluster starts
EOF
k3d registry create reg.localhost --port 5111 # mapped to k3d-reg.localhost
k3d cluster create --config tmp-k3d-${CLUSTER_NAME}.yaml --registry-use k3d-reg.localhost:5111
header "waiting for cluster init ..."
sleep 5
kubectl config use-context k3d-${CLUSTER_NAME}
kubectl cluster-info
footer
header "Provisioning Persistent Volume"
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolume
metadata:
name: k3d-pv
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/k3dvol"
EOF
# kubectl describe pv k3d-pv
footer
}
generateCert ()
{
header "Generating Cert for ${CLUSTER_DOMAIN}"
mkcert ${CLUSTER_DOMAIN} "*.${CLUSTER_DOMAIN}" && cp *${CLUSTER_DOMAIN}* ./certs/
header "Installing Cert for ${CLUSTER_DOMAIN}"
mkcert --install
header "Adding 127.0.0.1 ${CLUSTER_DOMAIN} to your /etc/hosts "
#sudo -- sh -c "echo 127.0.0.1 ${CLUSTER_DOMAIN} >> /etc/hosts"
}
addSubdomainEtc ()
{
header "Adding 127.0.0.1 ${1}.${CLUSTER_DOMAIN} to your /etc/hosts "
#sudo -- sh -c "echo 127.0.0.1 ${1}.${CLUSTER_DOMAIN} >> /etc/hosts"
# header "Adding 127.0.0.1 ${CLUSTER_DOMAIN}.registry to your /etc/hosts"
addhost ${1}.${CLUSTER_DOMAIN}
#sudo -- sh -c "echo 127.0.0.1 registry.localhost >> /etc/hosts"
}
installIngress ()
{
header "Instaling Fake Cert locally"
generateCert
header "Instaling Ingress"
# Create Namespace
kubectl create namespace ingress
# Create a secret with server certificate
kubectl --namespace ingress create secret tls nginx-server-certs --key certs/${CLUSTER_DOMAIN}+1-key.pem --cert certs/${CLUSTER_DOMAIN}+1.pem
# Install ingress with tls enabled providing certificates stored in namespace
cat <<EOF | helm install --namespace ingress -f - ingress bitnami/nginx-ingress-controller
extraArgs:
default-ssl-certificate: "ingress/nginx-server-certs"
EOF
footer
sleep 5
header "LoadBalancer info:"
kubectl -n ingress get svc | egrep -e NAME -e LoadBalancer
footer
#kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud/deploy.yaml
}
installDashboard ()
{
header "Instaling Dashboard"
# Install Kubernetes Dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
# Create dashboard account
kubectl create serviceaccount dashboard-admin-sa
# bind the dashboard-admin-service-account service account to the cluster-admin role
kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa
# Install Dashboard Ingress
# cat <<EOF | helm install -namespace kubernetes-dashboard -f - dashboard kubernetes-dashboard/kubernetes-dashboard
#enableInsecureLogin: false
#insecure-bind-address: 0.0.0.0
#enable-skip-login: true
#EOF
#helm install --namespace kubernetes-dashboard dashboard kubernetes-dashboard/kubernetes-dashboard
# display token
header "Keep this Token to acces dashboard"
#kubectl describe secret $(kubectl get secrets | grep dashboard-admin-sa | cut -d' ' -f1)
kubectl describe secret $(kubectl get secrets | grep dashboard-admin-sa | awk '{ print $1 }')
header "Dashboard Access:"
echo "kubectl proxy"
echo "http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login"
footer
}
installTekton()
{
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
addSubdomainEtc tekton
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tekton-server-http-ingress
namespace: tekton-pipelines
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tekton-dashboard
port:
number: 9097
host: tekton.fuf.me
tls:
- hosts:
- tekton.fuf.me
# secretName: argocd-secret # do not change, this is provided by Argo CD
EOF
}
installArogcd()
{
header "Instaling ArgoCd"
kubectl create namespace argocd || printf "\n Namespace exists\n"
kubectl create namespace guestbookex || printf "\n Namespace exists\n"
helm install argocd argo/argo-cd -f ./argo_insecure.yml -n argocd #overide with insecure set
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-server-http-ingress
namespace: argocd
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
number: 80
host: argocd.fuf.me
tls:
- hosts:
- argocd.fuf.me
secretName: argocd-secret # do not change, this is provided by Argo CD
EOF
addSubdomainEtc argocd
}
installPrometheus ()
{
header "Instaling Prometheus & Grafana"
# Install Prometheus
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install --namespace monitoring --create-namespace prometheus \
--set server.global.scrape_interval=30s prometheus-community/prometheus
# Install Grafana
helm repo add grafana https://grafana.github.io/helm-charts
helm install --namespace monitoring --create-namespace grafana bitnami/grafana \
--set sidecar.datasources.enabled=true --set sidecar.dashboards.enabled=true \
--set sidecar.datasources.label=grafana_datasource \
--set sidecar.dashboards.label=grafana_dashboard
# Create Ingress controler using server certificates
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana
namespace: monitoring
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- grafana.${CLUSTER_DOMAIN}
# secretName: domain-com
rules:
- host: grafana.${CLUSTER_DOMAIN}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grafana
port:
number: 3000
EOF
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prometheus
namespace: monitoring
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- prometheus.${CLUSTER_DOMAIN}
# secretName: domain-com
rules:
- host: prometheus.${CLUSTER_DOMAIN}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prometheus-server
port:
number: 9090
EOF
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-test-registry
labels:
app: nginx-test-registry
spec:
replicas: 1
selector:
matchLabels:
app: nginx-test-registry
template:
metadata:
labels:
app: nginx-test-registry
spec:
containers:
- name: nginx-test-registry
image: fuf.me.registry:59746/nginx:latest
ports:
- containerPort: 80
EOF
header "Grafana and Prometheus Access:"
echo "${bold}Prometheus${normal}:"
echo "url: https://prometheus.${CLUSTER_DOMAIN}"
footer
echo "${bold}Grafana${normal}:"
echo "url: https://grafana.${CLUSTER_DOMAIN}"
echo "username: admin"
echo "password: $(kubectl get secret --namespace monitoring grafana-admin -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" | base64 --decode ; echo)"
echo "\nuse 'kubectl get secret --namespace monitoring grafana-admin -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" | base64 --decode ; echo' to get password"
footer
addSubdomainEtc grafana
addSubdomainEtc prometheus
}
installKubeapps ()
{
header "Instaling Kubeapps"
cat <<EOF | helm install --namespace kubeapps --create-namespace -f - kubeapps bitnami/kubeapps
ingress:
enabled: true
hostname: kubeapps.${CLUSTER_DOMAIN}
tls: true
EOF
#helm install --namespace kubeapps --create-namespace kubeapps bitnami/kubeapps
kubectl create serviceaccount kubeapps-operator
kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=default:kubeapps-operator
echo "url: https://kubeapps.${CLUSTER_DOMAIN}"
echo "Token: \n$( kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath='{range .secrets[*]}{.name}{"\n"}{end}' | grep kubeapps-operator-token) -o jsonpath='{.data.token}' -o go-template='{{.data.token | base64decode}}' && echo)"
footer
addSubdomainEtc kubeapps
}
isSelected()
{
if [ "${1}" = "Yes" ] || [ "${1}" = "yes" ] || [ "${1}" = "Y" ] || [ "${1}" = "y" ];
then
echo 1
else
echo 0
fi
}
installAddons ()
{
read_value "Install Ingress? ${yes_no}" "${INSTALL_INGRESS}"
if [ $(isSelected ${READ_VALUE}) = 1 ];
then
installIngress
fi
read_value "Install Dashbard? ${yes_no}" "${INSTALL_DASHBOARD}"
if [ $(isSelected ${READ_VALUE}) = 1 ];
then
installDashboard
fi
read_value "Install Prometheus? ${yes_no}" "${INSTALL_PROMETHEUS}"
if [ $(isSelected ${READ_VALUE}) = 1 ];
then
installPrometheus
fi
read_value "Install Kubeapps? ${yes_no}" "${INSTALL_PROMETHEUS}"
if [ $(isSelected ${READ_VALUE}) = 1 ];
then
installKubeapps
fi
}
showurls ()
{
header "Local K3d cluster endpoints :"
countdown "00:00:10"
echo "Prometheus : https://prometheus.${CLUSTER_DOMAIN}"
echo "Grafana: https://grafana.${CLUSTER_DOMAIN} user:admin pass:$(kubectl get secret --namespace monitoring grafana-admin -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" | base64 --decode ; echo)"
echo "ArgoCD : https://argocd.${CLUSTER_DOMAIN} user:admin pass:$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)"
echo "Registry : http://localhost:5111 user:admin pass:admin"
}
# deployTekton()
# {
# }
helm repo add argo https://argoproj.github.io/argo-helm
helm repo add bitnami https://charts.bitnami.com/bitnami || header "Error adding bitnami "
checkDependencies
#Retrieve config values
configValues
# Todo Calico
installCluster
installAddons
installArogcd
kubectl config set-context "k3d-${CLUSTER_NAME}"
showurls
header "Provisioning Sample App on Argo"
argocd login argocd.${CLUSTER_DOMAIN} --password $(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d) --username admin
# Create a directory app
argocd app create guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --directory-recurse
# Create a Jsonnet app
argocd app create jsonnet-guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path jsonnet-guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --jsonnet-ext-str replicas=2
# Create a Helm app
argocd app create helm-guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path helm-guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --helm-set replicaCount=2
# Create a Helm app from a Helm repo
argocd app create nginx-ingress --repo https://kubernetes-charts.storage.googleapis.com --helm-chart nginx-ingress --revision 1.24.3 --dest-namespace default --dest-server https://kubernetes.default.svc
# Create a Kustomize app
argocd app create kustomize-guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path kustomize-guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --kustomize-image gcr.io/heptio-images/ks-guestbook-demo:0.1
# Create a app using a custom tool:
argocd app create ksane --repo https://github.com/argoproj/argocd-example-apps.git --path plugins/kasane --dest-namespace default --dest-server https://kubernetes.default.svc --config-management-plugin kasane