#!/bin/bash
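# Fail fast: abort on any failing command (including inside a pipeline, so a
# failing `jq`/`az` stage is no longer hidden by a trailing `sed`) and on any
# reference to an unset variable.
set -euo pipefail
# Everything this script writes into the working directory (output.json,
# cluster.yml, cluster.rkestate, kube_config_cluster.yml) carries credentials:
# the Azure client secret and the cluster-admin client certificate/key.
# Create all of them owner-readable only.
umask 077
# Remove pre-existing state so the run starts from a clean slate.
# WARNING: deleting terraform.tfstate makes Terraform forget every Azure
# resource it created on a previous run. Those VMs keep running (with their
# public IPs and the SSH key) and keep billing; run `terraform destroy` before
# this script if a previous deployment exists.
# -f: a missing file is not an error on a first run.
rm -f -- terraform.tfstate terraform.tfstate.backup cluster.rkestate kube_config_cluster.yml
# Provision nodes in Azure
terraform apply -auto-approve
# All later settings (node addresses, versions, names, Let's Encrypt and
# Rancher parameters) are read back from the Terraform outputs captured here.
terraform output -json > output.json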
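# Read one string-valued Terraform output from output.json.
#   $1  output name (key under the top-level JSON object)
# -r prints the bare string (no surrounding quotes, replacing the former
# `sed 's/"//g'` hack); -e makes jq exit non-zero when the output is absent
# (null), so set -e stops the script instead of letting the literal text
# "null" flow into the RKE config and the Azure CLI calls.
tf_output() {
  jq -er --arg name "$1" '.[$name].value' output.json
}
# SSH variables
admin=$(tf_output admin)
private_key_path=$(tf_output administrator_ssh_private)
# Copy of the key path with every "/" escaped as "\/": it is substituted into
# node-template.yml with sed, which uses "/" as its delimiter.
private_key_path2=${private_key_path//\//\\/}
# Software versions and target resource group
rke_version=$(tf_output rke_version)
helm_version=$(tf_output helm_version)
resource_group_name=$(tf_output resource_group)
# Let's Encrypt settings
email=$(tf_output letsencrypt_email)
environment=$(tf_output letsencrypt_environment)
# Rancher settings
rancher_hostname=$(tf_output rancher_hostname)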
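# Remove any existing application registration with the same identifier URI so
# the service principal and its credential are recreated fresh on every run
# (effectively rotating the secret). The URI http://<name> is the one older
# Azure CLIs derived from `create-for-rbac --name`; confirm this still matches
# with the CLI version in use.
# NOTE(review): on a first run there is nothing to delete; if az exits non-zero
# for an unknown id, set -e aborts the script here.
az ad app delete --id "http://$rancher_hostname"
# Resolve the resource group's full ARM id; the subscription id is its 3rd
# path component (/subscriptions/<id>/resourceGroups/<name>).
resource_group=$(az group show -n "$resource_group_name" | jq -r '.id')
subscription_id=$(awk -F/ '{print $3}' <<<"$resource_group")
# Create the service principal with Contributor scoped to this resource group
# only — the least privilege the cloud provider needs; never subscription-wide.
# The JSON reply contains the client secret: it is parsed through here-strings
# rather than `echo`, so a `set -x` trace would not print it.
service_principal=$(az ad sp create-for-rbac --name "$rancher_hostname" --role Contributor --scopes "$resource_group")
# These keep their JSON quotes ("...") on purpose: the Azure cloud-provider
# template line substitutes them verbatim (only subscription_id is quoted
# explicitly there).
client_id=$(jq '.appId' <<<"$service_principal")
tenant_id=$(jq '.tenant' <<<"$service_principal")
client_secret=$(jq '.password' <<<"$service_principal")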
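# Create the RKE configuration template files that are merged into cluster.yml
# later: one file per node group (etcd, controlplane, worker).
#
# render_node_group ROLE OUTFILE IPS_KEY PRIVIPS_KEY NAMES_KEY
# Renders one node-template.yml stanza per node of a group into OUTFILE,
# replacing <PUBLICIP>, <PRIVATEIP>, <USER>, <ROLE>, <PEM_FILE> and <HOSTNAME>.
#   $1 role         value substituted for <ROLE>
#   $2 outfile      file (re)created with the rendered stanzas
#   $3 ips_key      Terraform output holding the group's public IPs (list)
#   $4 privips_key  Terraform output holding the group's private IPs (list)
#   $5 names_key    Terraform output holding the group's node names (list)
# Reads output.json and the globals admin and private_key_path2 (the SSH key
# path, pre-escaped for sed). The three lists are matched up by position, so
# they must be emitted in the same order by Terraform.
render_node_group() {
  local role=$1 outfile=$2 ips_key=$3 privips_key=$4 names_key=$5
  local ips privateips nodes ip privateip node i
  rm -f -- "$outfile"
  # Flatten each IP list to "a,b,c" (@csv quotes every field; strip the quotes
  # and any escaping backslashes).
  ips=$(jq --arg k "$ips_key" '.[$k].value | @csv' output.json | sed -e 's/\\//g' -e 's/\"//g')
  privateips=$(jq --arg k "$privips_key" '.[$k].value | @csv' output.json | sed -e 's/\\//g' -e 's/\"//g')
  # Node names are deliberately kept JSON-quoted ("name") so the rendered
  # <HOSTNAME> value is unchanged from what the original loop produced.
  mapfile -t nodes < <(jq --arg k "$names_key" '.[$k].value[]' output.json)
  for i in "${!nodes[@]}"; do
    node=${nodes[$i]}
    # awk fields are 1-based; pick the IP at the same position as the name.
    ip=$(awk -F, -v n="$((i + 1))" '{print $n}' <<<"$ips")
    privateip=$(awk -F, -v n="$((i + 1))" '{print $n}' <<<"$privateips")
    # admin and node are substituted unescaped; they are assumed to contain
    # no "/" or "&" (IPs, the role and the pre-escaped key path are safe).
    sed -e "s/<PUBLICIP>/$ip/g" \
        -e "s/<PRIVATEIP>/$privateip/g" \
        -e "s/<USER>/$admin/" \
        -e "s/<ROLE>/$role/" \
        -e "s/<PEM_FILE>/$private_key_path2/" \
        -e "s/<HOSTNAME>/$node/" \
        ./node-template.yml >> "$outfile"
  done
}
render_node_group etcd         etcd.yml         etcd_nodes         etcd_node_privateips         etcd_node_names
render_node_group controlplane controlplane.yml controlplane_nodes controlplane_node_privateips controlplane_node_names
render_node_group worker       worker.yml       worker_nodes       worker_node_privateips       worker_node_names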
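# Escape a value for the right-hand side of a sed "s/.../.../" substitution.
# Backslash, the "/" delimiter and "&" (whole-match reference) would otherwise
# be interpreted — and the client secret is an opaque random string that can
# contain any of them, which would silently corrupt cluster.yml.
#   $1  raw value; the escaped value is written to stdout without a newline
sed_escape() {
  local s=$1
  s=${s//\\/\\\\}   # backslashes first, so the escapes added below are not doubled
  s=${s//\//\\/}
  s=${s//&/\\&}
  printf '%s' "$s"
}
# Create the RKE cluster configuration file: all node stanzas replace the
# <NODES> marker line of cluster-template.yml.
cat worker.yml controlplane.yml etcd.yml > nodes.yml
sed -e '/<NODES>/ {' -e 'r nodes.yml' -e 'd' -e '}' cluster-template.yml > cluster.yml
# Append the Azure cloud-provider section. client_id, tenant_id and
# client_secret already carry their JSON quotes; subscription_id does not and
# is quoted here.
sed -e "s/<TENANTID>/$(sed_escape "$tenant_id")/" \
    -e "s/<SUBSCRIPTIONID>/\"$(sed_escape "$subscription_id")\"/" \
    -e "s/<CLIENTID>/$(sed_escape "$client_id")/" \
    -e "s/<CLIENTSECRET>/$(sed_escape "$client_secret")/" \
    azure-config-template.yml >> cluster.yml
# cluster.yml now holds the service principal's client secret in clear text
# (plus the SSH private key path): owner-only permissions.
chmod 600 cluster.yml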
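# Grab RKE
# Verify ./rke_linux-amd64 against an expected sha256. Transport is HTTPS, but
# a GitHub release asset is not otherwise authenticated by this script: set
# RKE_SHA256 to the published sha256 of rke_linux-amd64 for $rke_version to
# enforce it. Without it the check is skipped with a warning.
# Returns non-zero on a mismatch.
verify_rke() {
  if [[ -z "${RKE_SHA256:-}" ]]; then
    echo "WARNING: RKE_SHA256 not set; rke_linux-amd64 is not checksum-verified." >&2
    return 0
  fi
  printf '%s  ./rke_linux-amd64\n' "$RKE_SHA256" | sha256sum -c -
}
# Download the pinned rke release binary, verify it and make it executable
# (owner-only; nothing else on this host needs to run it).
fetch_rke() {
  wget -O ./rke_linux-amd64 "https://github.com/rancher/rke/releases/download/$rke_version/rke_linux-amd64"
  if ! verify_rke; then
    echo "rke checksum mismatch; refusing to run the downloaded binary." >&2
    rm -f -- ./rke_linux-amd64
    exit 1
  fi
  chmod 700 ./rke_linux-amd64
}
# A cached binary is reused only if it reports the pinned version; note that
# `-v` executes whatever is in the working directory, so with RKE_SHA256 set
# the cached file is checksum-verified as well before being trusted.
if [[ ! -f ./rke_linux-amd64 ]]; then
  echo "rke not found. Downloading from github."
  fetch_rke
elif [[ "rke version $rke_version" == "$(./rke_linux-amd64 -v)" ]] && verify_rke; then
  echo "rke version is $rke_version. Continuing."
else
  echo "rke version is not $rke_version. Downloading from github."
  rm -f -- ./rke_linux-amd64
  fetch_rke
fi
# Provision Kubernetes (reads cluster.yml; writes cluster.rkestate and
# kube_config_cluster.yml into the working directory)
./rke_linux-amd64 up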
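# Install Helm and set up Tiller
# Download the Helm client tarball and extract ./linux-amd64/helm. Transport is
# HTTPS but the archive is not otherwise authenticated: set HELM_SHA256 to the
# published sha256 of helm-$helm_version-linux-amd64.tar.gz to have it verified
# before extraction. Without it the check is skipped with a warning.
# NOTE(review): confirm the kubernetes-helm GCS bucket still serves the pinned
# version; Helm downloads later moved to get.helm.sh.
fetch_helm() {
  local tarball="helm-$helm_version-linux-amd64.tar.gz"
  # -O overwrites a stale tarball instead of saving a ".1" copy beside it and
  # then extracting the old one.
  wget -O "./$tarball" "https://storage.googleapis.com/kubernetes-helm/$tarball"
  if [[ -n "${HELM_SHA256:-}" ]]; then
    if ! printf '%s  ./%s\n' "$HELM_SHA256" "$tarball" | sha256sum -c -; then
      echo "helm tarball checksum mismatch; refusing to extract it." >&2
      rm -f -- "./$tarball"
      exit 1
    fi
  else
    echo "WARNING: HELM_SHA256 not set; $tarball was downloaded without checksum verification." >&2
  fi
  tar -xvzf "./$tarball"
}
if [[ ! -f ./linux-amd64/helm ]]; then
  echo "Helm not found. Downloading."
  fetch_helm
else
  # A cached client is reused when its self-reported version contains the
  # pinned version string.
  helm_client_version=$(./linux-amd64/helm version -c --short)
  if [[ $helm_client_version == *"$helm_version"* ]]; then
    echo "Helm version is $helm_client_version. Continuing."
  else
    echo "Helm version is not $helm_version. Downloading."
    rm -rf ./linux-amd64
    fetch_helm
  fi
fi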
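# kube_config_cluster.yml is written by `rke up` and carries the cluster-admin
# client certificate and key: keep it owner-readable only.
config_path="$(pwd)/kube_config_cluster.yml"
chmod 600 "$config_path"
# Set up Tiller (Helm 2) with its own service account.
# SECURITY: Tiller is bound to cluster-admin here and `helm init` is run
# without any --tiller-tls* option, so nothing authenticates clients of its
# in-cluster gRPC endpoint; by default any workload that can reach it can
# therefore act as cluster-admin. For anything beyond a throwaway cluster,
# follow Helm's "Securing your Helm installation" guidance: have Tiller listen
# on localhost only (the helm client port-forwards to it anyway) and/or enable
# TLS client verification.
kubectl --kubeconfig="$config_path" -n kube-system create serviceaccount tiller
kubectl --kubeconfig="$config_path" create clusterrolebinding tiller \
  --clusterrole cluster-admin \
  --serviceaccount=kube-system:tiller
helm init --service-account tiller --kube-context local --kubeconfig "$config_path" --wait
# Chart repositories. rancher-alpha is registered but not used below (Rancher
# is installed from rancher-stable).
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo add rancher-alpha https://releases.rancher.com/server-charts/alpha
helm repo add jetstack https://charts.jetstack.io
helm repo update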
# Install cert-manager; needed when Rancher's ingress TLS comes from
# self-signed or Let's Encrypt certificates.
# The CRDs are applied separately from the chart.
# NOTE(review): the CRD manifest is fetched from the mutable release-0.9
# branch while the chart below is pinned to v0.9.1; fetching it from the
# v0.9.1 tag instead would pin both to one revision.
kubectl --kubeconfig="$config_path" apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.9/deploy/manifests/00-crds.yaml
kubectl --kubeconfig="$config_path" create namespace cert-manager
# Label that opts the namespace out of cert-manager's own resource validation
# (presumably required by the 0.9 install procedure — confirm against its docs).
kubectl --kubeconfig="$config_path" label namespace cert-manager certmanager.k8s.io/disable-validation=true
cert_manager_args=(
  --name cert-manager
  --namespace cert-manager
  --kube-context local
  --kubeconfig "$config_path"
  --version v0.9.1
  --wait
)
helm install "${cert_manager_args[@]}" jetstack/cert-manager
# Install Rancher from the stable chart, pinned to v2.2.8, with ingress TLS
# issued by Let's Encrypt through cert-manager.
# letsEncrypt.environment and letsEncrypt.email come from the Terraform
# outputs (environment presumably selects the staging vs production ACME
# endpoint — confirm against the chart). auditLog.level=1 turns on the API
# audit log; addLocal=true presumably registers this cluster itself in
# Rancher — verify both against the chart's values.
rancher_args=(
  --version v2.2.8
  --name rancher
  --namespace cattle-system
  --kube-context local
  --kubeconfig "$config_path"
  --set ingress.tls.source="letsEncrypt"
  --set letsEncrypt.email="$email"
  --set letsEncrypt.environment="$environment"
  --set hostname="$rancher_hostname"
  --set auditLog.level="1"
  --set addLocal="true"
  --wait
)
helm install rancher-stable/rancher "${rancher_args[@]}"