-
Notifications
You must be signed in to change notification settings - Fork 14
/
install.sh
executable file
·76 lines (61 loc) · 2.52 KB
/
install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#!/bin/bash
# Creates three k3d clusters: dev, east, & west.
#
set -eu
set -x
ORG_DOMAIN="${ORG_DOMAIN:-k3d.example.com}"
LINKERD="${LINKERD:-linkerd}"
CA_DIR=$(mktemp --tmpdir="${TMPDIR:-/tmp}" -d k3d-ca.XXXXX)
if ! command -v linkerd >/dev/null 2>&1 ; then
echo "linkerd not found in PATH" >&2
exit 1
fi
if ! command -v linkerd-smi >/dev/null 2>&1 ; then
echo "linkerd-smi not found in PATH" >&2
exit 1
fi
# Generate the trust roots. These never touch the cluster. In the real world
# we'd squirrel these away in a vault.
step certificate create \
"identity.linkerd.${ORG_DOMAIN}" \
"$CA_DIR/ca.crt" "$CA_DIR/ca.key" \
--profile root-ca \
--no-password --insecure --force
for cluster in dev east west ; do
# Check that the cluster is up and running.
while ! $LINKERD --context="k3d-$cluster" check --pre ; do :; done
# Create issuing credentials. These end up on the cluster (and can be
# rotated from the root).
crt="${CA_DIR}/${cluster}-issuer.crt"
key="${CA_DIR}/${cluster}-issuer.key"
domain="${cluster}.${ORG_DOMAIN}"
step certificate create "identity.linkerd.${domain}" \
"$crt" "$key" \
--ca="$CA_DIR/ca.crt" \
--ca-key="$CA_DIR/ca.key" \
--profile=intermediate-ca \
--not-after 8760h --no-password --insecure
$LINKERD --context="k3d-$cluster" install --crds |
kubectl --context="k3d-$cluster" apply -f -
# Install Linkerd into the cluster.
$LINKERD --context="k3d-$cluster" install \
--proxy-log-level="linkerd=debug,trust_dns=debug,info" \
--cluster-domain="$domain" \
--identity-trust-domain="$domain" \
--identity-trust-anchors-file="$CA_DIR/ca.crt" \
--identity-issuer-certificate-file="${crt}" \
--identity-issuer-key-file="${key}" |
kubectl --context="k3d-$cluster" apply -f -
# Wait some time and check that the cluster has started properly.
sleep 30
while ! $LINKERD --context="k3d-$cluster" check ; do :; done
linkerd smi --context="k3d-$cluster" install --set="clusterDomain=$domain" |
kubectl --context="k3d-$cluster" apply -f -
kubectl --context="k3d-$cluster" create ns linkerd-multicluster
kubectl --context="k3d-$cluster" annotate ns/linkerd-multicluster \
config.linkerd.io/proxy-log-level='linkerd=info,warn'
sleep 2
# Setup the multicluster components on the server
$LINKERD --context="k3d-$cluster" multicluster install |
kubectl --context="k3d-$cluster" apply -f -
done