#!/bin/bash
# Installer for Config Connector: picks a cluster, removes a previous install,
# sets up IAM and applies the release manifests.

# Abort on the first unhandled command failure.
set -o errexit

# Release tag of k8s-config-connector whose source archive is downloaded.
CNRM_VERSION="1.42.0"
# Name of the IAM service account; also used in the workload-identity member string.
CNRM_NAME="cnrm-system"
# Filled in by set_k8s_vars once a cluster has been chosen.
K8S_CLUSTER=""
K8S_REGION=""
# Directory the script was started from; cloudshell_cleanup deletes it in Cloud Shell.
ROOT_DIR="$PWD"
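# Store the selected cluster's name and location in the script globals.
# Globals:   K8S_CLUSTER (written), K8S_REGION (written)
# Arguments: $1   - zero-based index into the entries that follow
#            $2.. - "name:location" entries
# Returns:   0 on success; 1 when the index is not a plain number or no entry
#            exists at that index (the globals are left untouched in that case)
function set_k8s_vars() {
  local choice="$1"
  local -a clusters=("${@:2}")
  local pair name location

  # Array subscripts are evaluated as arithmetic expressions, so only a short
  # run of decimal digits is accepted before the value is used as one.
  if ! [[ "$choice" =~ ^[0-9]{1,9}$ ]]; then
    echo "set_k8s_vars: invalid cluster index '$choice'" >&2
    return 1
  fi

  # 10# forces base ten so an input such as "08" is not read as octal.
  pair="${clusters[$((10#$choice))]}"
  if [ -z "$pair" ]; then
    echo "set_k8s_vars: no cluster at index $choice" >&2
    return 1
  fi

  # Split on ':' with parameter expansion; nothing is word-split or globbed.
  name="${pair%%:*}"
  location=""
  if [[ "$pair" == *:* ]]; then
    location="${pair#*:}"
    location="${location%%:*}"
  fi

  K8S_CLUSTER="$name"
  K8S_REGION="$location"
}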
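# List the clusters of the current gcloud project and select one.
# With exactly one cluster it is taken without asking; otherwise the user is
# prompted for an index (empty input selects 0). The selection is handed to
# set_k8s_vars as "<index> <name:location>...".
# Globals:   none written here (set_k8s_vars writes K8S_CLUSTER / K8S_REGION)
# Inputs:    reads the choice from stdin
# Returns:   non-zero when listing fails, no cluster exists, or stdin ends
function get_cluster() {
  local raw_clusters entry choice idx
  local -a clusters=()

  echo "Determine cluster ..."
  # list all clusters from current project to the user
  raw_clusters=$(gcloud container clusters list -q) || return
  echo "$raw_clusters"

  # Drop the header row and keep "name:location" (columns 1 and 2) per cluster.
  # Reading line by line avoids word-splitting and globbing of the output.
  while IFS= read -r entry; do
    clusters+=("$entry")
  done < <(printf '%s\n' "$raw_clusters" | awk 'FNR > 1 && NF { print $1 ":" $2 }')

  # Without this guard the prompt below could never be satisfied.
  if [ "${#clusters[@]}" -eq 0 ]; then
    echo "No cluster found in the current project." >&2
    return 1
  fi

  if [ "${#clusters[@]}" -eq 1 ]; then
    echo "Going for the only available cluster: ${clusters[0]%%:*} (${clusters[0]#*:})"
    set_k8s_vars 0 "${clusters[@]}"
    return
  fi

  printf '\nCHOICE NAME \tZONE\n'
  for idx in "${!clusters[@]}"; do
    printf '%s -> %s %s\n' "$idx" "${clusters[$idx]%%:*}" "${clusters[$idx]#*:}"
  done

  while true; do
    printf '\nEnter your choice for cluster [0] (%s): ' "${clusters[0]}"
    # Stop on end of input instead of prompting forever.
    read -r choice || return 1
    choice="${choice:-0}"
    # Digits only: the value is later used as an array index, which bash
    # evaluates arithmetically. 10# keeps "08" from being read as octal.
    if [[ "$choice" =~ ^[0-9]{1,9}$ ]] && (( 10#$choice < ${#clusters[@]} )); then
      break
    fi
    echo "Invalid choice: enter a number from 0 to $(( ${#clusters[@]} - 1 ))." >&2
  done

  set_k8s_vars "$(( 10#$choice ))" "${clusters[@]}"
}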
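# uninstall config connector
# Deletes, in every namespace of the cluster kubectl currently points at, the
# workloads and RBAC objects labelled cnrm.cloud.google.com/system=true and the
# three Config Connector webhook configurations. Objects that do not exist are
# ignored (--ignore-not-found), and each delete waits for completion.
# NOTE(review): this acts on whatever the active kubectl context is; confirm the
# context before running outside the flow in main.
function uninstall() {
  # An array keeps every option a separate argument whatever IFS is set to,
  # and the variable stays local instead of leaking into the caller.
  local -a delete_cmd=(kubectl delete --all-namespaces --ignore-not-found --wait=true)

  echo "Uninstall old version ..."
  "${delete_cmd[@]}" sts,deploy,po,svc,roles,clusterroles,clusterrolebindings -l cnrm.cloud.google.com/system=true
  "${delete_cmd[@]}" validatingwebhookconfiguration abandon-on-uninstall.cnrm.cloud.google.com
  "${delete_cmd[@]}" validatingwebhookconfiguration validating-webhook.cnrm.cloud.google.com
  "${delete_cmd[@]}" mutatingwebhookconfiguration mutating-webhook.cnrm.cloud.google.com
}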
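# Create the Config Connector service account and bind its IAM roles.
# Globals:   CNRM_NAME (read), GOOGLE_CLOUD_PROJECT (read),
#            CNRM_IAM_ROLE (read, optional; project role to grant,
#            defaults to roles/owner as before)
# Returns:   non-zero when the project id is missing, the service account can
#            neither be created nor found, or a binding fails
function configure_iam() {
  local project="${GOOGLE_CLOUD_PROJECT:-}"
  # roles/owner gives the controller's identity full control of the project.
  # NOTE(review): set CNRM_IAM_ROLE to the narrowest role that covers the
  # resources Config Connector is meant to manage.
  local role="${CNRM_IAM_ROLE:-roles/owner}"
  local sa_email

  if [ -z "$project" ]; then
    echo "configure_iam: GOOGLE_CLOUD_PROJECT is not set" >&2
    return 1
  fi
  sa_email="${CNRM_NAME}@${project}.iam.gserviceaccount.com"

  echo "Configure IAM ..."

  # Creation fails when the account already exists; that case is fine. Any
  # other failure (permissions, wrong project) must not be silently ignored,
  # so confirm the account is really there before binding roles to it.
  if ! gcloud iam service-accounts create "$CNRM_NAME"; then
    if ! gcloud iam service-accounts describe "$sa_email" >/dev/null; then
      echo "configure_iam: service account ${sa_email} could not be created or found" >&2
      return 1
    fi
  fi

  # project-level role for the service account
  gcloud projects add-iam-policy-binding "$project" \
    --member="serviceAccount:${sa_email}" \
    --role="$role" || return 1

  # IAM policy binding between the IAM Service Account and the predefined Kubernetes service account
  gcloud iam service-accounts add-iam-policy-binding "$sa_email" \
    --member="serviceAccount:${project}.svc.id.goog[${CNRM_NAME}/cnrm-controller-manager]" \
    --role="roles/iam.workloadIdentityUser" || return 1
}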
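# Download the pinned Config Connector release, fill the project id into the
# controller manifest and apply the workload-identity install bundle.
# Globals:   CNRM_VERSION (read), GOOGLE_CLOUD_PROJECT (read),
#            CNRM_SHA256 (read, optional; expected SHA-256 of the archive)
# Returns:   non-zero when the project id is rejected or any step fails; the
#            working directory is removed and the caller's cwd is unchanged
#            either way
function install() {
  local project="${GOOGLE_CLOUD_PROJECT:-}"
  local bundle_dir="k8s-config-connector-${CNRM_VERSION}/install-bundles/install-bundle-workload-identity"
  local id_pattern='^[a-z0-9.:-]+$'
  local workdir status=0

  # The project id is pasted into a sed replacement below, where '/', '&' and
  # '\' are special. It may come from interactive input, so only the characters
  # a project id is expected to contain are accepted.
  if ! [[ "$project" =~ $id_pattern ]]; then
    echo "install: refusing to use project id '${project}'" >&2
    return 1
  fi

  echo "Install Config Connector ..."

  # A fresh private directory instead of ./tmp, so an existing ./tmp of the
  # user is neither reused nor deleted.
  workdir=$(mktemp -d) || return 1

  # Subshell: the cd stays local, and cleanup below runs on every outcome.
  (
    cd "$workdir" || exit 1

    # download manifests
    wget "https://github.com/GoogleCloudPlatform/k8s-config-connector/archive/${CNRM_VERSION}.tar.gz" \
      -O release-bundle.tar.gz || exit 1

    # The manifests are applied to the cluster with the caller's rights, so
    # verify the archive when an expected digest is supplied.
    if [ -n "${CNRM_SHA256:-}" ]; then
      printf '%s  %s\n' "$CNRM_SHA256" release-bundle.tar.gz | sha256sum -c - || exit 1
    else
      echo "install: CNRM_SHA256 is not set; the downloaded archive is not checksum-verified" >&2
    fi

    # extract only the workload-identity bundle
    tar zxf release-bundle.tar.gz "${bundle_dir}/" || exit 1
    mv "$bundle_dir" manifests || exit 1

    # Provide your project ID in the controller's installation manifest
    sed -i.bak "s/\${PROJECT_ID?}/${project}/" manifests/0-cnrm-system.yaml || exit 1

    # apply manifests
    kubectl apply -f manifests/ || exit 1
  ) || status=$?

  # cleanup tmp resources
  rm -rf -- "${workdir:?}"
  return "$status"
}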
# Wait until every pod in the cnrm-system namespace reports the Ready
# condition; the exit status is that of kubectl wait.
function check_installation() {
  local -r namespace="cnrm-system"

  printf '%s\n' "Check installation ..."
  kubectl wait -n "$namespace" --for=condition=Ready pod --all
}
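# Select the project and cluster and fetch kubectl credentials for it.
# Globals:   GOOGLE_CLOUD_PROJECT (read; asked for on stdin when empty),
#            K8S_CLUSTER / K8S_REGION (read after get_cluster has run)
# Returns:   non-zero when no project id is available or a gcloud call fails
function cloudshell_setup() {
  if [ -z "${GOOGLE_CLOUD_PROJECT:-}" ]; then
    echo -n "Enter your google cloud project id: "
    # -r keeps backslashes literal; a failed read leaves the value empty and
    # is reported by the check below.
    read -r GOOGLE_CLOUD_PROJECT || true
  fi

  # An empty id would otherwise reach gcloud as a missing argument.
  if [ -z "$GOOGLE_CLOUD_PROJECT" ]; then
    echo "cloudshell_setup: no project id given" >&2
    return 1
  fi

  # set project or make sure that the project is set
  gcloud config set project "$GOOGLE_CLOUD_PROJECT" || return 1

  # fetch values for K8S_CLUSTER and K8S_REGION
  get_cluster

  # NOTE(review): K8S_REGION is taken from the second column of the cluster
  # list, which may hold a zone rather than a region - confirm that --region
  # accepts it for zonal clusters.
  gcloud container clusters get-credentials "$K8S_CLUSTER" \
    --region "$K8S_REGION" --project "$GOOGLE_CLOUD_PROJECT"
}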
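# Remove the directory the script was started from, but only in Cloud Shell.
# Globals:   CLOUD_SHELL (read), ROOT_DIR (read), HOME (read)
# Returns:   0 when skipped or removed; non-zero when the parent directory
#            cannot be entered or the removal fails
function cloudshell_cleanup() {
  # skip if is not ran in cloudshell
  if [ "${CLOUD_SHELL:-}" != "true" ]; then
    return
  fi

  # ROOT_DIR is wherever the script was launched from, not necessarily a
  # checkout of this project. Never delete an empty path, the filesystem root
  # or the user's home directory.
  if [ -z "${ROOT_DIR:-}" ] || [ "${ROOT_DIR%/}" = "" ] \
    || [ "${ROOT_DIR%/}" = "${HOME%/}" ]; then
    echo "cloudshell_cleanup: refusing to remove '${ROOT_DIR:-}'" >&2
    return 0
  fi

  # Quoted so a path containing spaces or glob characters stays one argument;
  # '--' stops a leading dash from being read as an option.
  cd -- "$ROOT_DIR/.." || return 1
  rm -rf -- "$ROOT_DIR"
}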
# Run the complete installation; the steps execute strictly in this order and
# each one is invoked as a plain command.
function main() {
  local -a steps=(
    cloudshell_setup    # setup cloudshell (project, cluster, etc.)
    uninstall           # make sure that config connector is not installed
    configure_iam       # setting up the identity
    install             # install
    check_installation  # check installation
    cloudshell_cleanup  # remove the start directory when run in Cloud Shell
  )
  local step

  for step in "${steps[@]}"; do
    "$step"
  done
}
# Run the installer unless the file is loaded with --source-only, which only
# defines the functions and variables above.
case "${1}" in
  --source-only) ;;
  *) main ;;
esac