-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhcs-script.sh
184 lines (131 loc) · 7.51 KB
/
hcs-script.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
#!/bin/bash
echo “Logging to Azure”
date
az login
echo -n “Enter your resource group name: ”
read resourcegroup
export RESOURCE_GROUP=$resourcegroup && echo $RESOURCE_GROUP
echo -n “Enter your email: ”
read email
export EMAIL=$email && echo $EMAIL
echo “Creating a resource group”
az group create -l westus2 -n $RESOURCE_GROUP
date
echo “Creating an AKS cluster - this may take up to 10 minutes”
az aks create -g $RESOURCE_GROUP -n $RESOURCE_GROUP-aks
wait
date
echo “Creating an HCS Datacenter -This may take up to 15 minutes”
az hcs create -g $RESOURCE_GROUP --name $RESOURCE_GROUP-managed-hcs --datacenter-name dc1 --email $EMAIL --external-endpoint enabled
wait
date
echo “Confirming your resources”
az resource list --resource-group $RESOURCE_GROUP -o table
echo “Setting an environment variable to the name of your AKS cluster”
export AKS_CLUSTER=$(az aks list --resource-group $RESOURCE_GROUP | jq -r '.[] | .name') && echo $AKS_CLUSTER
echo “Setting an environment variable to the name of your HCS managed app”
export HCS_MANAGED_APP=$(az hcs list --resource-group $RESOURCE_GROUP | jq -r '.[] | .name') && echo $HCS_MANAGED_APP
echo $RESOURCE_GROUP
echo “Setting an environment variable to the name of your HCS managed apps resource group”
export HCS_MANAGED_RESOURCE_GROUP=$((az hcs list --resource-group $RESOURCE_GROUP | jq -r '.[] | .managedResourceGroupId') | awk -F/ '{ print $5 }')
echo $HCS_MANAGED_RESOURCE_GROUP
echo “Adding remote AKS kubeconfig to local kubconfig”
az aks get-credentials --name $AKS_CLUSTER --resource-group $RESOURCE_GROUP
echo “Bootstrap ACLs and store the token as a Kubernetes secret”
az hcs create-token --name $HCS_MANAGED_APP --resource-group $RESOURCE_GROUP --output-kubernetes-secret | kubectl apply -f -
echo “Generate Consul key/cert and store as a Kubernetes secret”
az hcs generate-kubernetes-secret --name $HCS_MANAGED_APP --resource-group $RESOURCE_GROUP | kubectl apply -f -
echo “Export the config file to pass to helm during install”
az hcs generate-helm-values --name $HCS_MANAGED_APP --resource-group $RESOURCE_GROUP --aks-cluster-name $AKS_CLUSTER > config.yaml
echo “Enable the AKS specific setting exposeGossipPorts”
sed -i -e 's/^ # \(exposeGossipPorts\)/ \1/' config.yaml
echo “Configure the development host to talk to the public endpoint”
export CONSUL_HTTP_ADDR=$(az hcs show --name $HCS_MANAGED_APP --resource-group $RESOURCE_GROUP | jq -r .properties.consulExternalEndpointUrl) && echo $CONSUL_HTTP_ADDR
echo “Set the CONSUL_HTTP_TOKEN on the development host to authorize the CLI”
export CONSUL_HTTP_TOKEN=$(kubectl get secret $HCS_MANAGED_APP-bootstrap-token -o jsonpath={.data.token} | base64 -d) && echo $CONSUL_HTTP_TOKEN
echo “Set the CONSUL_HTTP_SSL_VERIFY flag to false on the development host”
export CONSUL_HTTP_SSL_VERIFY=false && echo $CONSUL_HTTP_SSL_VERIFY
echo “Verify that the development host can see the Consul servers”
consul members
export AKS_MANAGED_RESOURCE_GROUP=$(az resource show --resource-group $RESOURCE_GROUP -n $AKS_CLUSTER --query "properties.nodeResourceGroup" --resource-type Microsoft.ContainerService/managedClusters)
echo $AKS_MANAGED_RESOURCE_GROUP
echo “Confirming your resources”
az resource list --resource-group $RESOURCE_GROUP -o table
echo “Setting an environment variable to the name of your AKS cluster”
export AKS_CLUSTER=$(az aks list --resource-group $RESOURCE_GROUP | jq -r '.[] | .name') && echo $AKS_CLUSTER
echo “Setting an environment variable to the name of your HCS managed app”
export HCS_MANAGED_APP=$(az hcs list --resource-group $RESOURCE_GROUP | jq -r '.[] | .name') && echo $HCS_MANAGED_APP
echo $RESOURCE_GROUP
echo “Setting an environment variable to the name of your HCS managed apps resource group”
export HCS_MANAGED_RESOURCE_GROUP=$((az hcs list --resource-group $RESOURCE_GROUP | jq -r '.[] | .managedResourceGroupId') | awk -F/ '{ print $5 }')
echo $HCS_MANAGED_RESOURCE_GROUP
echo “Adding remote AKS kubeconfig to local kubconfig”
az aks get-credentials --name $AKS_CLUSTER --resource-group $RESOURCE_GROUP
echo “Configure the development host to talk to the public endpoint”
export CONSUL_HTTP_ADDR=$(az hcs show --name $HCS_MANAGED_APP --resource-group $RESOURCE_GROUP | jq -r .properties.consulExternalEndpointUrl) && echo $CONSUL_HTTP_ADDR
echo “Set the CONSUL_HTTP_TOKEN on the development host to authorize the CLI”
export CONSUL_HTTP_TOKEN=$(kubectl get secret $HCS_MANAGED_APP-bootstrap-token -o jsonpath={.data.token} | base64 -d) && echo $CONSUL_HTTP_TOKEN
echo CONSUL_HTTP_TOKEN=$CONSUL_HTTP_TOKEN=
echo “Set the CONSUL_HTTP_SSL_VERIFY flag to false on the development host”
export CONSUL_HTTP_SSL_VERIFY=false && echo $CONSUL_HTTP_SSL_VERIFY
echo “Verify that the development host can see the Consul servers”
consul members
export AKS_MANAGED_RESOURCE_GROUP=$(az resource show --resource-group $RESOURCE_GROUP -n $AKS_CLUSTER --query "properties.nodeResourceGroup" --resource-type Microsoft.ContainerService/managedClusters | xargs)
echo $AKS_MANAGED_RESOURCE_GROUP
export HCS_VNET_NAME=$(az network vnet list --resource-group $HCS_MANAGED_RESOURCE_GROUP | jq -r '.[0].name')
echo HCS_VNET_NAME=$HCS_VNET_NAME
export AKS_VNET_ID=$(az network vnet list --resource-group $AKS_MANAGED_RESOURCE_GROUP | jq -r '.[0].id')
echo AKS_VNET_ID=$AKS_VNET_ID
export HCS_VNET_ID=$(az network vnet list --resource-group $HCS_MANAGED_RESOURCE_GROUP | jq -r '.[0].id')
echo HCS_VNET_ID=$HCS_VNET_ID
export AKS_VNET_NAME=$(az network vnet list --resource-group $AKS_MANAGED_RESOURCE_GROUP | jq -r '.[0].name')
echo AKS_VNET_NAME=$AKS_VNET_NAME
echo “Create a peering from the HCS Datacenter's vnet to the AKS Cluster's vnet”
az network vnet peering create \
-g $HCS_MANAGED_RESOURCE_GROUP \
-n hcs-to-aks \
--vnet-name $HCS_VNET_NAME \
--remote-vnet $AKS_VNET_ID \
--allow-vnet-access
echo “Create a peering from the AKS Cluster's vnet to the HCS Datacenter's vnet”
az network vnet peering create \
-g $AKS_MANAGED_RESOURCE_GROUP \
-n aks-to-hcs \
--vnet-name $AKS_VNET_NAME \
--remote-vnet $HCS_VNET_ID \
--allow-vnet-access
echo “Install the Consul clients to the AKS Cluster”
helm install hcs hashicorp/consul -f config.yaml --wait
echo “Verify the installation”
consul members
kubectl get pods
git clone https://github.com/hashicorp/learn-consul-hcs-on-azure
sleep 20
kubectl apply -f ~/learn-consul-hcs-on-azure/hashicups/ --wait
kubectl get pods
echo “Create a config entry for an ingress gateway”
consul config write ~/learn-consul-hcs-on-azure/hashicups/ingress-gateway.hcl
date
echo “Add the ingress gateway to the helm configuration file”
tee -a ./config.yaml <<EOF
ingressGateways:
enabled: true
defaults:
replicas: 1
gateways:
- name: ingress-gateway
service:
type: LoadBalancer
EOF
date
helm upgrade -f ./config.yaml hcs hashicorp/consul --wait
consul intention create ingress-gateway frontend && \
consul intention create frontend public-api && \
consul intention create public-api products-api && \
consul intention create products-api postgres
kubectl get svc
export INGRESS_IP=$(kubectl get svc/consul-ingress-gateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') && echo $INGRESS_IP
#Set the INGRESS_PORT environment variable. This is so that the Katacoda environment can load the UI.
export INGRESS_PORT=$(kubectl get svc/consul-ingress-gateway -o jsonpath='{.spec.ports[0].port}') && echo $INGRESS_PORT
#Now, generate a clickable link in the console.
echo http://$INGRESS_IP:$INGRESS_PORT