This repository has been archived by the owner on Aug 1, 2022. It is now read-only.
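# Every target in this file runs commands rather than producing a file, so each
# one must be phony; otherwise a stray file with the same name would silently
# stop the target from running. deploy, list, test, clean and all have no rule
# in this listing; they stay declared because that is harmless.
.PHONY: deploy get-argocd-password set-argocd-password helm-repos install \
        post-install pre-install provision-linkerd helm-install falco-install \
        prometheus-observability-install list test clean all

# Timestamp "now + 8760h" (365 days), handed to the Linkerd chart as
# identity.issuer.crtExpiry by provision-linkerd.
# The recursive "=" together with "$$( )" defers the command to the recipe's
# shell, so the value is computed when the recipe runs, not when make parses.
# -u is required because the format ends in a literal "Z" (UTC); without it the
# local time would be labelled as UTC. BSD date (-v) is tried first and GNU
# date (-d) is the fallback, so the target works on macOS and Linux.
d = $$(date -u -v+8760H +"%Y-%m-%dT%H:%M:%SZ" 2>/dev/null || date -u -d '+8760 hours' +"%Y-%m-%dT%H:%M:%SZ")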
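# Create a self-signed Linkerd trust anchor and an issuer certificate with the
# step CLI, then install the linkerd2 chart using them.
#
# Security notes:
#   * --no-password --insecure makes step write ca.key and issuer.key
#     unencrypted into the current directory, and -f overwrites existing files.
#     "umask 077" keeps those key files private to the invoking user whatever
#     mode the tool would otherwise choose.
#   * ca.key is the mesh root of trust and is not needed again once issuer.crt
#     has been signed: move it to offline storage (or destroy it) after this
#     target finishes, and never commit *.key files.
#   * The issuer certificate is valid for 8760h; $(d) is computed separately at
#     install time, so crtExpiry is an approximation of the certificate's real
#     notAfter. TODO confirm that the small skew is acceptable.
#   * helm install is given no -n/--namespace, so the release lands in the
#     namespace of the current kubectl context.
provision-linkerd:
	umask 077 && step certificate create root.linkerd.cluster.local ca.crt ca.key \
		--profile root-ca --no-password --insecure -f
	umask 077 && step certificate create identity.linkerd.cluster.local issuer.crt issuer.key \
		--profile intermediate-ca --not-after 8760h --no-password --insecure \
		--ca ca.crt --ca-key ca.key -f
	helm install linkerd2 \
		--set-file identityTrustAnchorsPEM=ca.crt \
		--set-file identity.issuer.tls.crtPEM=issuer.crt \
		--set-file identity.issuer.tls.keyPEM=issuer.key \
		--set identity.issuer.crtExpiry=$(d) \
		linkerd/linkerd2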
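# Register every Helm repository the install targets pull charts from, then
# refresh the local index.
#
# prometheus-community is added here because prometheus-observability-install
# installs prometheus-community/kube-prometheus-stack; without the repo that
# install only works on machines where it happens to be configured already.
# banzaicloud-stable is not referenced by any target in this listing; it is
# kept so existing workflows do not change.
#
# All repositories are fetched over HTTPS, but most charts are installed
# without --version, so a later "helm repo update" can change what is deployed.
helm-repos:
	helm repo add linkerd https://helm.linkerd.io/stable
	helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
	helm repo add falcosecurity https://falcosecurity.github.io/charts
	helm repo add jetstack https://charts.jetstack.io
	helm repo add argo https://argoproj.github.io/argo-helm
	helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
	helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
	helm repo add longhorn https://charts.longhorn.io
	helm repo add jaegertracing https://jaegertracing.github.io/helm-charts
	helm repo add k8ssandra https://helm.k8ssandra.io/
	helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
	helm repo update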
# Full cluster bootstrap: repositories, Linkerd PKI and chart, namespaces,
# the remaining charts, then ingress and Argo CD resources.
# The stages depend on each other (namespaces before charts, charts before the
# waits in post-install), yet the order is enforced only by make building
# prerequisites left to right. Run this target serially, without -j.
install: \
  helm-repos \
  provision-linkerd \
  pre-install \
  helm-install \
  post-install
# Create the namespaces the charts are installed into and opt three of them
# (argocd, cert-manager, apps) into Linkerd proxy injection.
#
# "|| true" makes namespace creation re-runnable, but it swallows every failure
# (unreachable API server, RBAC denial), not just "already exists". The
# annotate step has no such guard, so it is the first place a real cluster
# problem becomes visible.
pre-install:
	for ns in argocd monitoring cert-manager ingress-nginx longhorn-system tracing cassandra apps; do \
		kubectl create ns "$$ns" || true; \
	done
	for ns in argocd cert-manager apps; do \
		kubectl annotate ns "$$ns" linkerd.io/inject=enabled --overwrite || exit 1; \
	done
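# Install falcosidekick and Falco into kube-system. When
# SLACK_FALCO_WEBHOOK_URL is set, falcosidekick is configured to forward
# alerts to that Slack webhook.
#
# The webhook URL is a secret. It is read by the shell ("$$VAR", quoted)
# instead of being expanded by make, for three reasons:
#   * make echoes the expanded recipe, so a make-level expansion would print
#     the secret to the terminal or CI log;
#   * an unquoted make expansion is pasted into the shell command line, where
#     spaces or shell metacharacters in the value would be interpreted;
#   * make would also try to expand any "$" inside the value.
# The variable must therefore reach the recipe through the environment (an
# exported shell variable or a make command-line assignment both do that).
# The value is still visible in helm's process arguments while it runs; a
# values file would avoid that.
#
# NOTE(review): config.debug=true and falco.logLevel=debug are left as found;
# confirm debug output is acceptable outside a lab cluster. Falco posts events
# to falcosidekick over plain HTTP inside the cluster.
falco-install:
	if [ -z "$$SLACK_FALCO_WEBHOOK_URL" ]; then \
		helm install sidekick falcosecurity/falcosidekick -n kube-system --set=config.debug=true; \
	else \
		helm install sidekick falcosecurity/falcosidekick -n kube-system \
			--set "config.slack.webhookurl=$$SLACK_FALCO_WEBHOOK_URL" --set=config.debug=true; \
	fi
	helm install falco falcosecurity/falco -n kube-system \
		--set=falco.httpOutput.enabled=true \
		--set=falco.httpOutput.url=http://sidekick-falcosidekick.kube-system.svc.cluster.local:2801/ \
		--set=falco.logLevel=debug \
		--set=falco.jsonOutput=true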
# Install the platform charts: Longhorn storage, a three-node k8ssandra
# cluster on the longhorn storage class, cert-manager, ingress-nginx, Argo CD
# and Gatekeeper. Monitoring and Falco are pulled in as prerequisites.
#
# Review points:
#   * Only cert-manager (v1.0.2) and ingress-nginx (3.3.0) pin --version; the
#     other charts install whatever the repository currently serves.
#   * server.extraArgs={--insecure} starts the Argo CD API server without TLS,
#     so traffic to it is protected only by whatever sits in front of it.
#     NOTE(review): presumably TLS is terminated at the ingress; confirm.
#   * gatekeeper is given no namespace and goes to the current context's
#     namespace.
helm-install: prometheus-observability-install falco-install
	helm install longhorn longhorn/longhorn \
		--namespace longhorn-system
	helm install k8ssandra-cluster k8ssandra/k8ssandra -n cassandra \
		--set=cassandra.cassandraLibDirVolume.storageClass=longhorn \
		--set=cassandra.size=3
	helm install cert-manager jetstack/cert-manager \
		--namespace cert-manager --version v1.0.2 \
		--set=installCRDs=true
	helm install nginx ingress-nginx/ingress-nginx \
		--version 3.3.0 --namespace ingress-nginx
	helm install argo argo/argo-cd -n argocd \
		'--set=server.extraArgs={--insecure}'
	helm install gatekeeper gatekeeper/gatekeeper
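# Wait for cert-manager's webhook and the ingress controller, then apply the
# ClusterIssuer, the three ingress manifests (with the DOMAIN placeholder
# filled in), the Prometheus rules and the Argo CD bootstrap application.
#
# DOMAIN is expanded by make straight into the sed script. The first recipe
# line uses this file's check_defined helper to abort when DOMAIN is unset or
# empty; otherwise sed would replace the placeholder with nothing and ingresses
# with a broken host would be applied.
# NOTE(review): DOMAIN is not escaped for sed or the shell. A value containing
# "," or "'" breaks the command, so treat DOMAIN as trusted operator input.
post-install:
	@:$(call check_defined, DOMAIN, domain substituted into the ingress manifests)
	kubectl wait --for=condition=ready pods -l "app=webhook" -n cert-manager
	kubectl wait --for=condition=ready pods -l "app.kubernetes.io/name=ingress-nginx" -n ingress-nginx
	kubectl apply -f resources/ingress/clusterissuer.yaml
	sed 's,DOMAIN,${DOMAIN},g' resources/ingress/grafana-ingress.yaml | kubectl apply -f - -n monitoring
	sed 's,DOMAIN,${DOMAIN},g' resources/ingress/argocd-ingress.yaml | kubectl apply -f - -n argocd
	sed 's,DOMAIN,${DOMAIN},g' resources/ingress/jaeger-ingress.yaml | kubectl apply -f - -n monitoring
	kubectl apply -f resources/prometheus/prometheusrules.yaml -n monitoring
	kubectl apply -f resources/argocd/application-bootstrap.yaml -n argocd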
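# Git ref of jaegertracing/jaeger-operator that the cluster-wide RBAC manifests
# are fetched from. The default keeps the previous behaviour (master), which is
# a mutable branch: whatever is on it at install time is created with
# cluster-level privileges. Override with a reviewed tag or commit, e.g.
#   make prometheus-observability-install JAEGER_OPERATOR_REF=<reviewed-tag>
JAEGER_OPERATOR_REF ?= master

# Install kube-prometheus-stack and the Jaeger operator into monitoring, create
# the operator's ClusterRole and ClusterRoleBinding from the upstream
# repository, and apply the local Jaeger configuration.
# "kubectl create" fails if the RBAC objects already exist, so this target is
# not re-runnable as written.
prometheus-observability-install:
	helm install prom prometheus-community/kube-prometheus-stack -n monitoring
	helm install jaeger jaegertracing/jaeger-operator -n monitoring
	kubectl create -f https://raw.githubusercontent.com/jaegertracing/jaeger-operator/$(JAEGER_OPERATOR_REF)/deploy/cluster_role.yaml
	kubectl create -f https://raw.githubusercontent.com/jaegertracing/jaeger-operator/$(JAEGER_OPERATOR_REF)/deploy/cluster_role_binding.yaml
	kubectl apply -f resources/jaeger/config.yaml -n monitoring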
# Print the name of each argocd-server pod: "kubectl ... -o name" yields
# "pod/<name>" and cut keeps the part after the slash.
# NOTE(review): the target name suggests this relies on Argo CD versions whose
# initial admin password was the server pod name; confirm for the chart version
# installed. The pipeline's exit status is cut's, so a kubectl failure does not
# fail the target.
get-argocd-password:
	kubectl get pods \
		-n argocd \
		-l app.kubernetes.io/name=argocd-server \
		-o name \
	| cut -d/ -f2
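# Patch argocd-secret with a bcrypt admin password hash and the current time
# as admin.passwordMtime.
#
# Fixes over the previous one-line recipe:
#   * make expands "$" in recipes, so the bcrypt string's $2, $1 and $O and the
#     $(date ...) call were consumed by make before the shell saw them. The
#     secret received a mangled hash and an empty mtime. Every "$" meant for
#     the shell is now written "$$".
#   * The hash can be supplied through the environment variable
#     ARGOCD_ADMIN_PASSWORD_HASH (a bcrypt hash). Export it in the shell; a
#     make command-line assignment would need every "$" doubled.
#
# SECURITY: the fallback hash below is committed in this file. Anyone who can
# read the repository can attack it offline, and every cluster bootstrapped
# with the fallback shares one admin password. It is kept only for backward
# compatibility; set ARGOCD_ADMIN_PASSWORD_HASH for any cluster that matters.
set-argocd-password:
	hash="$${ARGOCD_ADMIN_PASSWORD_HASH:-}"; \
	if [ -z "$$hash" ]; then \
		echo "WARNING: ARGOCD_ADMIN_PASSWORD_HASH is not set; using the hash committed in the Makefile" >&2; \
		hash='$$2a$$10$$Oa1Bh.rkf9UiRsV80TnjwuC06jKTBn1PK05dm/uspH..HyWw8HFRG'; \
	fi; \
	mtime="$$(date +%FT%T%Z)"; \
	kubectl -n argocd patch secret argocd-secret \
		-p "{\"stringData\": {\"admin.password\": \"$$hash\",\"admin.passwordMtime\": \"$$mtime\"}}"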
# check_defined: abort the build when a required make variable is unset/empty.
#   $(call check_defined, NAME [NAME ...], optional description)
# Argument 1 is a whitespace-separated list of variable names; each name is
# passed to __check_defined together with the stripped, unexpanded text of
# argument 2. The surrounding $(strip ...) makes the call expand to nothing
# when every variable is set, so it can sit on a recipe line after "@:".
# No target in this listing calls it.
check_defined = \
$(strip $(foreach 1,$1, \
$(call __check_defined,$1,$(strip $(value 2)))))
# __check_defined: helper that checks one variable.
#   $1 = variable name, $2 = optional description.
# If $(value $1) is empty, make stops with
#   "Undefined <name> (<description>) required by target `<target>'"
# where the description part appears only when $2 is non-empty and the target
# part only when $@ has a value, i.e. when expanded inside a recipe.
# $(value ...) reads the variable without expanding it.
__check_defined = \
$(if $(value $1),, \
$(error Undefined $1$(if $2, ($2))$(if $(value @), \
required by target `$@')))